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W ell, I hope you enjoyed the epic 100 page FCM#100. With this issue, normal service 

resumes. We've no Python this month (Greg is getting some surgery done), but we do 
have the usual Inkscape, LibreOffice, the second part of creating a website with 
infrastructure, and a HowTo on installing a newer software version. Sometimes the 
repositories are a bit out of date, and it takes a PPA to get the latest, and (hopefully!) 
greatest version of some software. Alan Ward is showing you how it's done. 

I've cheated a bit this month with my Arduino column in that there's no actual Arduino in 
it, but it is still electronics related. Tron-Club is a new monthly electronics box that I signed 
up for, and, I have to say, I'm impressed. I hope more people sign up for it, and it really takes 
off. It's a great idea to gently nudge people into electronics. 
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Charles discusses installing Drupai 7in Linux Labs, SJ discusses ChromeOS apps and 
addons in Chrome Cult. Also, the first viruses in his Linux Loopback section. 

Things are heating up in the world of Ubuntu phones. The BQ E4.5 and E5HD are now, 
both, available worldwide, and the Indian online retailer SnapDeal is selling both BQ phones 
tailored to India (ie: with pre-installed Indian scopes). This is great news. Even while still in its 
infancy the Ubuntu phones are doing great. While there's still to be an official U.S. release 
(with hardware tailored to that market) the BQ phones are a great starting point. 


All the best, and keep in touch! 

Ronnie 

ronnie@fullcirclemaqazine.org 




aoo.al/FRTMl 


D facebook.com/fullcircle 
magazine 


twitter.eom/#l/fullcirclemaq 


— http://issuu.com/fullcircle 
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https://plav.qooqle.com 
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Migrate from 
Proprietary Software to 
Linux to Create Cost 
Savings 

A mongst the top IT trends of 
the moment is the 
development of Linux Containers. 
Financial and technical investors, 
Linux software programmers and 
customers believe that Linux 
Containers will transform the way 
organisations manage their Linux 
environments from deployment to 
maintenance. A recent survey by 
Red Hat and Techvalidate says that 
56% of the respondents plan to 
use Linux containers as vehicles for 
rolling out web and eCommerce 
over the next two years. The 
respondents included a number of 
Fortune 500 companies and public 
sector organisations. Any 
development in the world of e- 
Commerce is definitely worth 
taking a look. 

Linux migrations aren't new. 
Amazon did it in 2001 and the 
eCommerce giant saved $500 on 
software for each server at the 


time. The real driver went beyond 
cost because Amazon could use 
commodity X86 servers rather than 
proprietary UNIX ones. This saved 
the firm $50,000 per server. 
Nowadays the running of Linux 
servers has become the norm, but 
virtualisation and Cloud 
technologies have become 
increasingly common in 
comparison to the beginning of the 
century. 

Source: 

http://www.smartdatacollective.co 

m/linuxit/34081 3/miqrate- 
proprietarv-software-linux-create- 

cost-savinqs 

Submitted by: Arnfried Walbrecht 

Ubuntu Kylin 15.10 Beta 
1 Is Out with Updated 
Software Center, Linux 
Kernel 4.1 LTS 

U buntu Kylin 15.10 Beta 1 is 
powered by Linux kernel 4.1 
LTS and introduces updates to the 
most important Ubuntu Kylin- 


specific packages, such as the 
Ubuntu Kylin Theme (ubuntukylin- 
theme), which has been updated to 
version 1.4.0, bringing new Ubuntu 
Kylin 1 5.1 0 logos to the Unity 
Greeter and Plymouth boot splash 
screen. 

The Ubuntu Kylin Software 
Center has been updated to 
version 1.3.5, a release that 
includes optimizations to the list of 
software, the addition of a mouse 
hover effect, a progress bar for the 
installation, upgrading, and 
uninstallation of software, as well 
as multiple optimizations to the 
state of the progress bar and the 
blurbs. 

The Youker Assistant tool 
reached version 2.0.3 with 
adjustments to the layout of the 
interface, smoother transition 
when switching the interface, 
beautified skin center, setting 
module, menu, and info module, 
revamped About dialog, animation, 
and skin center, an added upgrade 
function, and support for 
displaying the hardware 
manufacturer's logo. 


Source: 

http://news.softpedia.eom/news/u 

buntu-kvlin-1 5-1 0-beta-1 -is-out- 

with-updated-software-center- 

linux-kernel-4-1-lts-490282.shtml 

Submitted by: Arnfried Walbrecht 

Linux Foundation's 

SECURITY CHECKLIST CAN 
HELP SYSADMINS HARDEN 
WORKSTATIONS 

I f you're a Linux user, especially a 
systems administrator, the Linux 
Foundation has some security tips 
to share with you, and they're 
quite good. 

Konstantin Ryabitsev, the 
Foundation's director of 
collaborative IT services, published 
the security checklist that the 
organization uses to harden the 
laptops of its remote sysadmins 
against attacks. 

The recommendations aim to 
balance security decisions with 
usability and are accompanied by 


full circle magazine #101 



4 


^ contents ~ 





NEWS 


explanations of why they were 
considered. They also have 
different severity levels: critical, 
moderate, low and paranoid. 

Critical recommendations are 
those whose implementation 
should be considered a must-do. 
They include things like enabling 
SecureBoot to prevent rootkits or 
"Evil Maid" attacks, and choosing a 
Linux distribution that supports 
native full disk encryption, has 
timely security updates, provides 
cryptographic verification of 
packages and supports Mandatory 
Access Control (MAC) or Role- 
Based Access Control (RBAC) 
mechanisms like SELinux, 
AppArmor or Grsecurity. 

Source: 

http://www.pcworld.eom/article/2 

978136/linux-foundations-securitv- 

checklist-can-help-sysadmins- 

harden-workstations.html 
Submitted by: Arnfried Walbrecht 

How Ubuntu 15.04 Vivid 
Vervet Can Prove Useful 
for Enterprise WiFi 

E very business generates data, 
regardless of its scale. Run a 


business for a month or so and see 
how deep you get buried inside the 
data that it spawns. 

The connectivity needs of an 
enterprise center around data. A 
connection is useful when it 
protects enterprise data and 
makes data transmission fast. 
Whether the connection is cellular 
or WiFi, if it fails to offer security 
and speed, it's not useful for an 
enterprise. 


embedded tools. 

Source: 

http://smallbiztrends.com/2015/09 

/ubuntu-1 5-04-vivid-vervet- 

enterprise-wifi.html?tr=sm 
Submitted by: Arnfried Walbrecht 

XlAOMI IS RUMORED TO BE 
WORKING ON A LAPTOP... 

running Linux! 


promises that will only fall flat 
when the public gets product in 
hand and is utterly disappointed. 
You, however, would be wrong. 
Why? Simple. 

Xiaomi has made a massive 
name for itself bringing custom 
versions of Android (called MIUI) to 
its smartphones. So, the Xiaomi 
faithful are accustomed to working 
with a variant in their interfaces. 
That translates to an vanishing 
barrier to entry for a Linux- 
powered laptop released by the 
company. 

Source: 

http://www.techrepublic.com/artic 

le/xiaomi-is-rumored-to-be- 

workinq-on-a-laptop-runninq-linux/ 

Submitted by: Arnfried Walbrecht 


IBM Joins Open 
Mainframe Project For 
Wider Linux Adoption; 
New LinuxONE 
Mainframes Launched 

I BM breathes new life into its 
open mainframe strategy with 
the announcement of new 
initiatives for wider Linux adoption 

contents ^ 


Ubuntu is perhaps the most 
preferred Linux distro. And you'd 
be surprised to know not only the 
end users, but enterprises also 
show a predilection for it. They 
have their reasons. 

Enterprise Ubuntu comes with 
support for latest WiFi practices. 
This year's hottest is Ubuntu 1 5.04 
or "Vivid Vervet." It can run on 
servers, and among its many 
features, one is OpenStack Kilo 
support. 

OpenStack Kilo is a goldmine 
for enterprises of all scales. You'd 
keep digging into it and still won't 
reach to the bottom. Kilo lets an 
enterprise develop all types of 
clouds and avail all the features 
with the help of more than 400 

full circle magazine #101 


I t's now rumored that the third 
largest maker of smartphones on 
the planet and a Chinese 
powerhouse is going to release 
their first-ever laptop. This is big 
news, especially considering the 
company sold over 60 million 
smartphones in 2014. In their 
homeland, Xiaomi is more popular 
than Apple and Fluawei, and by 
December of 2014, they became 
the world's most valuable startup. 

Now, they plan on expanding 
their line of mid-priced, mid-spec'd 
hardware into the realm of 
laptops. More specifically, Linux- 
powered laptops. 

Some naysayers might be 
shaking their heads saying this will 
wind up another vendor making 
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at the enterprise level. Last month, 
the tech giant released a new line 
of Linux mainframes dubbed the 
LinuxONE. The Emperor is based 
on the IBM zl 3 and "is the world's 
most advanced Linux system with 
the fastest processor in the 
industry," according to IBM. 

It is reportedly capable of 
analyzing transactions in "real 
time" and has the ability to scale 
up to 8,000 virtual machines of 
hundreds of thousands of 
containers. On the other hand, the 
"entry-level" LinuxONE 
Rockhopper comes in a smaller 
package with emerging markets in 
mind. 

Advanced software and 
hardware encryption features are 
built into both mainframes to keep 
client data and transactions from 
prying eyes. "Protected-key, 
available on LinuxONE, provides 
significantly enhanced security 
over clear-key technology and 
offers up-to 28X improved 
performance over standard secure- 
key technology," IBM said. 

Source: 

http://www.franchiseherald.eom/a 

rticles/37783/20150905/ibm-linux- 

adoption.htm 


Submitted by: Arnfried Walbrecht 

Debian Linux versus the 

CIA 


how the Linux-based operating 
system is working to bring 
reproducible builds to all of its 
more than 22,000 software 
packages. 


talks about why the Linux 
Foundation is likely to keep 
growing. 

In some respects, the Linux 
Foundation now provides 
'Foundation as a Service,' though 
that's not the the goal that Zemlin 
has. Given the broader efforts of 
the Linux Foundation in 2015, 
Zemlin also has no plans to rename 
the Linux Foundation either. 

"I do think there is a lot of value 
in the reputation that the name 
Linux implies, in terms of it being 
the most successful open source 
project in the world," Zemlin said. 

Source: 

http://www.internetnews.com/itm 

anaqement/iim-zemlin-explains- 

how-the-linux-foundation-scales- 

bevond-iust-linux.html 
Submitted by: Arnfried Walbrecht 

Ubuntu Linux Is Now 
Supported Across All 
Rackspace Platforms 

I n order to provide its users with 
the best cloud experience 
possible, Canonical's Ubuntu Linux 
experts will provide support for 

contents ~ 


H idden backdoors into 

software have long been a 
concern for some users as 
government spying has increased 
around the world. Now the Debian 
project has taken aim at the CIA 
and other government spy 
agencies with reproducible builds 
that aim to stop hidden backdoors. 

JM Pomp reports for Vice: 

In response to the Snowden 
revelation that the CIA compromised 
Apple developers' build process, thus 
enabling the government to insert 
backdoors at compile time without 
developers realizing, Debian, the 
world's largest free software 
project, has embarked on a 
campaign to to prevent just such 
attacks. Debian 's solution ? 
Reproducible builds. 

In a talk at Chaos 
Communication Camp in 
Zehdenick, Germany, earlier this 
month (full text here), Debian 
developer Jeremy Bobbio, better 
known as Lunar, told the audience 
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Source: 

http://www.itworld.com/article/29 

81508/linux/debian-linux-versus- 

the-cia.html 

Submitted by: Arnfried Walbrecht 

Jim Zemlin Explains how 
the Linux Foundation 
Scales Beyond Just Linux 

W hen Jim Zemlin helped to 
start the Linux Foundation 
back in 2007, it was an 
organization with a singular 
purpose: to help grow and enable 
the Linux ecosystem. Now in 201 5, 
the Linux Foundation is more than 
just Linux, and has helped to 
enable multiple open source 
foundations and efforts, including 
the Cloud Foundry Foundation, the 
node.js Foundation, the Open 
Container Initiative, the 
OpenDayLight, and Let's Encrypt 
projects. 

In a video interview, Zemlin 
discusses foundation building and 
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the Rackspace platform while 
making sure that the latest builds 
are always at their disposal. They 
promise to build, maintain, and 
patch the Rackspace images on the 
Ubuntu Certified Public Cloud 
infrastructure regularly. 

While Rackspace will deliver its 
famous Fanatical Support to 
existing and future customers, 
Canonical ensures its users that 
the Ubuntu Linux images 
distributed through the Ubuntu 
CPC (Certified Public Cloud) 
program will work out of the box. 

"The reason our customers 
choose to run Ubuntu is to get 
things done, quickly, easily and 
without worry," says Udi 
Nachmany, Head of Canonical's 
Ubuntu Certified Public Cloud 
program. "The less time they 
spend thinking about and 
maintaining the platform they're 
running on, and the more time 
they can spend on their core 
business or mission, the happier 
we are." 

Source: 

http://news.softpedia.eom/news/u 

buntu-linux-is-now-supported- 

across-all-rackspace-platforms- 

491469,shtml 


Submitted by: Arnfried Walbrecht 

LXD Is the New Pure- 
Container Hypervisor 
for Linux, Says Mark 
Shuttleworth 

C anonical’s Stephane Graber 
has announced that version 
0.18 of the LXD next-generation 
container hypervisor for Linux 
kernel-based operating systems 
has been tagged, and it is available 
for download. 

Mr. Graber’s announcement has 
been backed by Mark 
Shuttleworth, the founder of 
Canonical and Ubuntu, who writes 
on his Google+ page that LXD is 
now the new pure-container 
hypervisor for GNU/Linux systems, 
allowing users to test their apps at 
scale while running hundreds of 
instances of Linux OSes, including 
Ubuntu, Arch Linux, or CentOS. 

"LXD is the new pure-container 
hypervisor for Linux. It's so 
efficient that on your laptop you 
can run hundreds of instances of 
Ubuntu or CentOS or Arch, perfect 
for testing your apps at scale," says 


Mark Shuttleworth. "Adding per- 
container AppArmor now allows 
you to confine or shield processes 
from one another inside the 
container, just as you can on a 
normal machine, so it's even closer 
to 'just another machine."' 

Source: 

http://news.softpedia.com/news/lx 

d-is-the-new-pure-container- 

hypervisor-for-linux-savs-mark- 

shuttleworth-491 934.shtml 
Submitted by: Arnfried Walbrecht 

Meizu MX4 Ubuntu 
Edition review: A 
flagship Linux 

SMARTPHONE 

T he MX4 Ubuntu Edition from 
Chinese maker Meizu is the 
second Ubuntu smartphone to 
reach the market. Originally 
released for purchase only by 
linked request and invitation, the 
MX4 is now available for regular 
purchase direct from Meizu's 
website at €299 euros (around 
£220). Note though, that the MX4 
Ubuntu Edition is currently only 
available within the EU. 


Canonical announced plans to 
port its popular Ubuntu Linux 
distribution as Ubuntu for Phones 
in January 2013, and in April this 
year we reviewed the first Ubuntu 
phone -- the Aquaris E4.5 Ubuntu 
Edition from Spanish manufacturer 
BQ. 

Like the BQ phone, the Meizu 
MX4 is very much a device for early 
adopters, since Ubuntu for Phones 
is still in the development phase. 
While the €1 69.90 Aquaris E4.5 is a 
mid-range phone, the Meizu MX4 
delivers considerably more 
computing power for €299. It runs 
on a Meizu-customised octa-core 
MediaTek MT6595 SoC with four 
ARM Cortex-A17 and four ARM 
Cortex-A7 cores, with a PowerVR 
G6200 GPU to handle the graphics, 
all supported by 2GB of LPDDR3 
RAM. 

Source: 

http://www.zdnet.com/product/rn 

eizu-mx4-ubuntu-edition/ 

Submitted by: Arnfried Walbrecht 

Valve hits a Linux 
LANDMARK — 1,500 GAMES 
AVAILABLE ON STEAM 

y contents ^ 
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L inux gaming was by no means a 
new endeavor, but 201 3 stands 
as a major year for the open- 
source platform's gaming 
prospects with Valve announcing 
Linux-based Steam Machines and 
the arrival of SteamOS. When we 
looked at the state of Linux 
gaming after its 1 2-month Valve 
anniversary, we found nearly 1,000 
professional, commercially 
distributed games available as of 
February 2015. But this weekend 
there's an even bigger numeric 
milestone to celebrate according 
to the Linux site Phoronix — 1,500 
Linux titles are currently available 
through Steam. 

So while Linux on Steam hasn't 
been a perfect marriage to 
date — lack of driver support has 
been a continual issue, and the 
overall small market means little 
return for devs working on 
ports — there remains plenty for 
Linux enthusiasts to get excited 
about. 

"At the end of 201 3, when Valve 
released the beta of SteamOS 
everything changed," Che Dean, 
editor of Linux gaming news site 
Rootgamer, told Ars earlier this 
year. "After years of promoting the 


various Linux distributions, we had 
a major gaming company not just 
porting their games to Linux, but 
actually creating their own Linux- 
based operating system. It was an 
incredibly exciting moment and a 
turning point for Linux users." 

Source: 

http://arstechnica.com/qaminq/20 

15/09/valve-hits-a-linux-landmark- 

1 500-qames-avaitabte-on-steam/ 

Submitted by: Arnfried Walbrecht 


Microsoft has built 

SOFTWARE, BUT NOT A LlNUX 
DISTRIBUTION, FOR ITS 
SOFTWARE SWITCHES 

W hile the software is real, 
Microsoft isn't 
characterizing it as a Linux 
distribution, telling us that it's an 
internal project. That's an 
important distinction, and we 
suspect that we're not going to see 
a Microsoft Linux any time soon. 

The Open Compute Project 
(OCP), of which Microsoft is a 
member, is an industry group that 
is working together to define 
hardware and software standards 


for data center equipment. This 
includes designs for high-density 
compute nodes, storage, and 
networking equipment. One part 
that Microsoft has been working 
on is network hardware, in 
particular, software-defined 
networking (SDN). SDN adds a 
layer of software-based 
programmability, configuration, 
and centralized management to 
hardware that is traditionally 
awkward to manage. Traditional 
network switches, even managed 
ones, aren't designed to enable 
new policies — alterations to 
quality-of-service or VLANs, 
say — to be deployed to hundreds 
or thousands of devices 
simultaneously. And to the extent 
that such capabilities are present, 
they vary from vendor to vendor. 

So why isn't the company calling 
this new endeavor a distribution? 
The big reason is that the company 
doesn't intend to distribute it. 
Again, it's an internal development 
that showcases the OCP approach, 
but it isn't a package that will be 
given to third parties. 

Source: 

http://arstechnica.com/informatio 

n-technoloqy/201 5/09/microsoft- 

has-built-software-but-not-a-linux- 


distribution-for-its-software- 

switches/ 

Submitted by: Arnfried Walbrecht 

Linux Mangaka Mou 
Arrives for Anime and 
Manga Fans, Based on 
Ubuntu 14.04 LTS 

L inux Mangaka Mou is the fifth 
major release of the Ubuntu- 
based distro for anime and manga 
fans. It is currently based on the 
latest LTS (Long-Term Support) 
version of the world's most 
popular free operating system and 
built around the lightweight MATE 
desktop environment. Linux 
Mangaka's sole purpose is to 
provide anime and manga fans 
with all sorts of tools for 
fansubbing and fandubbing. 

"Today the whole Animesoft 
team are proud to be able to 
announce the final stage of Mou, 
which is based on Ubuntu with the 
lightweight MATE desktop, 
containing Apple and IBM PowerPC 
64-bit architecture scripts. As any 
other Mangaka release (except 
One) you will be able to run on any 
64-bit PC and enjoy a out-of-box 

fl contents ~ 
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fast and complete Linux for anime 
& manga multimedia viewing and 
editing purpose," said the Linux 
Mangaka developers in an email to 
Softpedia. 

Source: 

http://news.softpedia.com/news/li 

nux-manqaka-mou-arrives-for- 

anime-and-manqa-fans-based-on- 

ubuntu-1 4-04-lts-49221 7,shtml 

Submitted by: Arnfried Walbrecht 

Tips for Improving the 
Linux Desktop Security 

O ne of the longest-held beliefs 
is that the Linux desktop 
comes with invulnerable and 
foolproof security system. 

A close examination of the 
security system indicates that this 
might not be the case after all. The 
desktop running on Linux 
Operating System needs enhanced 
protection to provide it with 
excellent security and ensure that 
it can withstand the most vicious 
attacks from the latest and highly 
potent malware as well as viruses 
and spyware of today. 


measures you can take, it would be 
good to explain that one of the 
reasons behind the ever-increasing 
blatant hacking of Linux desktops 
is the desire to steal network 
bandwidth as well as the storage 
space. After hacking the Linux 
servers, the hackers are then able 
to spread spam, malware and 
scams together with phishing 
campaigns to all corners of the 
world. Life can be quieter for Linux 
desktop, but not all the time. 

Therefore, the question that 
needs answers is this; what can you 
do to improve the protection and 
security of the Linux desktop? 

Source: 

http://neuroqadqet.com/201 5/09/ 

23/tips-for-improvinq-the-linux- 

desktop-securitv/1 6034 
Submitted by: Arnfried Walbrecht 
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COMMAND & CONQUER 

Written by Lucas Westermann 


F or any reader who has ever 
developed anything that 
needed to be tested or run on a 
system outside of the local 
development server or 
workstation, you've probably 
hoped for an easy way to control a 
test environment, or to emulate 
the target server. This is 
essentially what vagrant wants to 
offer. It's a tool that creates a 
configuration file for a server - 
specifications, OS, what to install, 
and links to the sources (such as 
ISOs). This is then run through 
vagrant, which created a 
VirtualBox virtual machine running 
everything outlined in the vagrant 
file. 

Now...you may be asking 
yourself why you wouldn't just do 
this by hand? If you're going to 
need the development server on 
and off (such as web development, 
where certain combinations of 
software and OSes, or particular 
versions are common), or if you 
need to be able to pass the exact 
development environment to 
other people. Such as when 
working in a team. This way, you 


can just share the vagrantfile (and, 
possibly, the source files), and the 
other team members will be up 
and running swiftly. 

Vagrant also handles certain 
aspects - such as installing guest 
additions, enabling SSH access, and 
various other aspects. It also 
ensures the networking interface is 
bridged, so that you can access 
software running on the server 
from your local network. For 
anyone who uses a local Apache 
install and virtual hosts for their 
web projects, this is one way of 
creating virtual machines of your 
server. Running the actual 
software you'll encounter on 
deployment. If you, like me, tend 
to delete virtual machines the 
moment you're done with them 
because they're hogging your hard 
drive space, Vagrant is a perfect 
match. Keep the vagrantfile, and 
delete everything else. Space 
saved! 

HOW DOES IT WORK? 

Vagrant must be installed (it’s a 
command-line tool), as well as 


VirtualBox. In Ubuntu it's as simple 
as sudo apt-get install vagrant 
virtualbox. If you're using a 
different host OS, you'll need to 
check how best to install them. 

Once Vagrant is installed, you 
can either download a Vagrantfile 
(there are many posted on github, 
or on ), 

or create one yourself. Creating 
one on your own is something I 
haven't yet done. As such, we'll 
focus on the more common 
scenario of using a pre-built 
Vagrantfile. If there is interest in 
creating custom Vagrantfiles, send 
me an email, and I will follow up 
this article at a later date. A rough 
scenario is using vagrant init, and 
then adjusting the default 
Vagrantfile to suit your needs. 

Getting started 

For the sake of this article, I'll 
be using a prebuilt Vagrantfile 
called "django-python3-vagrant". 
See the Further Reading for a link. 

Download the file: 
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git clone 

https : //github . com/FlipperPA/ 
django-python3-vagrant . git 

Then cd into the folder: 


cd django-python3-vagrant 


Unfortunately, this vagrantfile 
is geared towards utopic - which is 
no longer located on the Ubuntu 
server. So, time to edit the 
Vagrantfile! 

On line 6, you'll want to change 
the line from 
"django_config.vm.box = 
"utopic64"" to 
"django_config.vm.box = 
"trusty64 M ". 

Replace line 10 with the 
following: 

d j ango_conf ig . vm . box_ur 1 = 

"https : //cloud- 

images . ubuntu . com/vagrant/tru 

sty /current /trusty-server- 

cloudimg-amd64-vagrant- 

diskl .box" 

Here, you need to run: 

vagrant up 
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COMMAND & CONQUER 


Once that command finishes 
running, you can log into the VM 
using 

vagrant ssh 

Upon login, you'll be greeted by 
some instructions on creating a 
django project. Follow them. 
However, on the runserver step, 
you'll need to replace 0.0.0.0:8000 
with the actual IP of the server. 
Find this using ipconfig. For 
example: python manage.py 
runserver 1 92.1 68.1 .200:8000 

After that, you can access the 
django instance using the IP 
address of the server. 

To stop the VM: 

vagrant halt 

In previous versions, this was 
vagrant shutdown. So if halt 
doesn't work for you, try 
shutdown. 

To delete the VM: 

vagrant destroy 

If you run into issues, make sure 
of the following things: 

• You're using the right IP in both 


your browser, and the runserver 
command. 

• You're running the vagrant 
commands from the folder that 
contains the Vagrantfile 

Hopefully, this will be of use to 
anyone who need to frequently 
create the same (or similar) virtual 
machines. If you have questions, 
comments, or suggestions, feel 
free to contact me at 
lswest34+fcm@qmail.com . Have a 
Vagrantfile you can't live without? 
Or a Vagrant tip that saves time? 
Email them to me, and I'll compile 
them into an article. 


Further Reading 

https://qithub.com/FlipperPA/dian 

qo-Pvthon3-vaqrant - Vagrantfile 

http://vaqrantbox.es - Prebuilt 
boxes 

https://www.vaqrantup.com/ - 

Vagrant homepage 
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Lucas has learned all he knows from 
repeatedly breaking his system, then 
having no other option but to 
discover how to fix it. You can email 
Lucas at: lsw e st3 4@qma il.co m. 
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ubuntu 

v v 7 uk podcast 

The Ubuntu Podcast covers all 
the latest news and issues facing 
Ubuntu Linux users and Free 
Software fans in general. The 
show appeals to the newest user 
and the oldest coder. Our 
discussions cover the 
development of Ubuntu but 
aren't overly technical. We are 
lucky enough to have some 
great guests on the show, telling 
us first hand about the latest 
exciting developments they are 
working on, in a way that we can 
all understand! We also talk 
about the Ubuntu community 
and what it gets up to. 

The show is presented by 
members of the UK's Ubuntu 
Linux community. Because it is 
covered by the Ubuntu Code of 
Conduct it is suitable for all. 

The show is broadcast live every 
fortnight on a Tuesday evening 
(British time) and is available for 
download the following day. 

podcasLubuntu-uk.org 
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Written by Alan Ward 


Install A More Recent Software Version 


P rograms with a large user- 
base, such as Mozilla Firefox, 
generally benefit from quick 
inclusion of new releases into the 
Ubuntu repositories. Right now, 
the current version of Firefox is 
39.0, and I have version 
39.0+build5-0ubuntu0.1 4.04.1 
installed from the repositories - so 
all is golden. 

Flowever, this is not always 
true. Take the other slightly less- 
known application from Mozilla, 
the Mozilla Thunderbird email 
client. At the time of writing, 
Thunderbird is at version 38.1 
since July 9, 201 5 while the version 
in the repositories is merely a 31 .8, 
to be precise 1:31.8.0+build1- 
0ubuntu0.14.04.1. 
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My personal gripe against 
Thunderbird's version 31 is that is 
does not yet automatically include 
the calendar plugin, unlike version 
38. So I would like to upgrade this 
program directly, instead of relying 
only on the Ubuntu repositories. 

In the following description, we 
will see how to do this for 
Thunderbird, although the basics 
are extensible to other 
applications. As a sidenote, there is 
actually an Ubuntu Wiki page on 
installing new versions of Mozilla 
Thunderbird: 

https://help.ubuntu.com/communi 

tv/ThunderbirdNewVersion . 

Unfortunately, the information 
within is quite out-dated, since it 
refers to Ubuntu versions 10.04 
and 1 0.1 0. But there is an 
interesting indication that is 
current in many respects, and that 
can be borne in mind: going 
beyond the repository version is 
specifically "NOT recommended by 
the Ubuntu Mozilla team due to 
interoperability concerns." The 
operation is classified as "Medium 
difficulty, medium safety", so may 
be outside of many users’ comfort 


zones. 

So, what are our options to get 
access to the newest and greatest 
version of an application such as 
Thunderbird? 

The first one that comes to 
mind (for an old-timer, at least) 
would be to download the source 
code and compile the program 
ourselves. This is definitely 
possible, open source being... 
open, with the source code readily 
available. Flowever, it is also 
definitely going to mean 
downloading not only the source 
code, but also any tools necessary 
to do the compiling and linking 
(developer version of libraries, the 
compiler itself), and may require 
some navigation through library 
dependencies. So, while this path is 
certainly possible and results in an 
application that is perfectly 
integrated into our current system, 
it is perhaps not to be 
recommended unless we already 
enjoy software development in the 
C or C++ languages. 

So, if we wish to avoid 


compiling from source code, we 
have at least two options to obtain 
a pre-compiled application in 
binary (executable) form. 

One option is using the very 
same apt package system we are 
so used to, to perform installation. 
This means adding a 
supplementary repository to those 
we already have - Canonical's main, 
universe, multiverse repositories 
and so forth. This new one is 
hosted by the Launchpad system, 
and has its hostpage at 
https://launchpad.net/~ubuntu- 

mozilla-dailv/+archive/ubuntu/ppa . 

As its name says, this repository 
holds daily builds of the most 
recent version of Thunderbird. So, 
as root, let us add this repository 
to our list with: 

sudo bash 

apt-add-repository 

ppa : ubuntu-mozilla-daily/ppa 

Now, refresh repository content 
lists with: 

aptitude update 
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HOWTO - INSTALL A NEWER VERSION 


and consult the version of 
Thunderbird that is available: 

aptitude show thunderbird- 
trunk 

Please note the name of the 
main package for Thunderbird in 
this daily repository is not 
'thunderbird', but 'thunderbird- 
trunk'. This is so we can distinguish 
between the two versions. In my 
case, I get: 

41 . 0~al~hg20150519rl7960 . 2447 
18-0ubuntul~umdl ~t rusty 

Wow! We now have a version 
41 .0 available to us! And the 
version on the Mozilla web page is 
only up to a measly 39! So let's test 
it out. In a terminal, type the 
command: 

t hunde rb i r d- 1 r unk 

And watch it start up. The 
About dialog states quite clearly 
that this is, in fact, version 41 . 

However, it also states clearly 
something that should be a word 
to the wise: "Daily is experimental 
and may be unstable". This is 
something I noticed when it was 
incapable of authenticating 
against my Gmail server - 



something which any version of 
Thunderbird has done with flying 
colors for the last many years. 
Luckily, the developers have had 
the good idea to have this daily 
version not operate directly on the 
existing mail data, so there is little 
chance of it trashing all those 
messages you have on your hard 
drive. 

It is clear, however, that playing 
around with a daily version should 
be seen as working with beta 
grade software, at best. It is good 
enough to test out - but certainly 
not for production machines, or for 
ordinary users’ peace of mind. 

The final option to download a 
stable version of Thunderbird is 
simply to consult the Download 
section of the project's website, at 


httDs://www.mozilla.orq/en- 

US/thunderbird/all/ . 

Here, we find pre-compiled 
binaries for all three major 
desktop operating systems: 
Windows, OS-X and GNU/Linux. For 
the latter, make sure to choose the 
version corresponding to your 
preferred language. Also choose 
between 32-bit or 64-bit. If you are 
not sure which version of the Linux 
kernel you are running: 

uname -a 

and if you see "x86_64" in the 
information returned then this is a 
64-bit kernel. "i386" or "i686" 
means a 32-bit kernel. 

The file that is downloaded 
should be a compressed archive 


with the tar.bz2 extension. At the 
time of writing, the latest version 
was thunderbird-38.1.0.tar.bz2, 
rather less than the 41.0 
numbering of the daily version. 

Once downloaded, just click on 
the file and it will open in whatever 
archive 

compression/decompression utility 
is associated with this file 
extension. The exact program 
invoked will depend mostly on the 
desktop manager used, but, in 
many cases (Unity, Gnome, 
Cinnamon), it would be the Gnome 
archive manager file-roller. Once 
the compressed file is open in the 
archive utility, extract it, for 
example to the desktop. The 
archive utility can be closed. 


n 

— 

Chunderbircl-BB r 1 ,0, 

tar,bz2 

Thunderbird 


You should now have a folder 
on the desktop simply called 
"thunderbird". This contains a 
large number of files, among which 
the main file (i.e. the Thunderbird 
program itself) is unsurprisingly 
also named "thunderbird". 

contents ~ 
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In any terminal, run 

Desktop/thunderbird/thunderbi 

rd 

and, voila, the new version of 
Thunderbird should start up. It is 
worth noting that it should directly 
access your existing configuration 
and message files, which are not in 
this folder but in the hidden folder 
-/.thunderbird. If you are not 
running Ubuntu in English, but in 
another language, simply 
substitute the correct name for 
your desktop 

(Bureau/thunderbird/thunderbird, 

etc.) 

If this doesn't work, the 
advantage of using a terminal to 
launch the newly-downloaded 
program is that any error 
messages will be visible for 
perusal. 

For best results, it is 
recommended to run a fairly 
recent version of *Ubuntu. The 
most recent LTS version (now 
14.04) or Linux Mint equivalent 
(1 7.2) should be fine with recent 
versions of Thunderbird. 
Otherwise, it is very possible that 
some library files are not in 
sufficiently recent versions for 


today's Thunderbird to work. 

To install this program to 
benefit all system users, best 
practice would involve moving it to 
the /opt directory. This needs to 
be done as root. So: 

sudo bash 
cd -'/Desktop 
mv thunderbird /opt/ 

Now, let's rename the existing 
version of Thunderbird, and link to 
the new version. 

cd /usr/bin 

mv thunderbird thunderbird- 
ubuntu 

In -s 

/opt/thunderbird/thunderbird 

From this point on, all 
references to the Thunderbird 
program should point towards the 
newer version: this is the one that 
gets started when using the links 
in the menus, dock or status bar. 
The old version can still be 
accessed by typing the command 

t hunde r b i r d-ubun t u 

Needless to say, if the user 
should not be satisfied with the 


new program, it can safely be 
uninstalled and rolled back to the 
earlier version by issuing the 
following commands: 

sudo bash 

cd /usr/bin 

rm thunderbird 

mv thunderbird-ubuntu 
thunderbird 

rm -r /opt /thunderbird 


Alan teaches computer science at 
Escola Andorrana de Batxillerat 
(high-school). He has previously 
given GNU/Linux courses at the 
University of Andorra and taught 
GNU/Linux systems administration at 
the Open University of Catalunya 
(UOC). 



EXTRA! EXTRA! 

READ ALL ABOUT IT! 

Our glorious news reporters 
are now posting regular news 
updates to the main Full Circle 
site. 

Click the NEWS link, in the site 
menu at the top of the page, 
and you'll see the news 
headlines. 

Alternatively, look on the right 
side of any page on the site, 
and you'll see the five latest 
news posts. 

Feel free to discuss the news 
items. It's maybe something 
that can spill back from the site 
into the magazine. Enjoy! 
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HOW-TO 

Written by Elmer Perry 


LibreOffice Pt.53 - Presenter Console 



A t least twice a year, I teach 
installer training for my 
company. During training, I show 
several presentations. Of course, 
my choice of presentation 
programs is LibreOffice Impress. 
As you might already know, one of 
the reasons is the Impress Remote 
app for Android, but even when I 
don't use Impress Remote, I still 
use Impress for a feature called 
the Presenter Console. The 
console is a control panel for the 
person giving the presentation, 
with tools to view notes, move 
between slides, and keep track of 
the time you have spent on a 
presentation. 

When I give my presentations, I 
am on a laptop connected to a big 
screen or projector. Any time you 
have dual monitors, you can set 
your system to use the Presenter 


Console. Make sure your second 
monitor is not set to mirror the 
first monitor. You want the second 
monitor to extend the first 
monitor. The good thing is the 
extended mode allows each 
monitor to have the best 
resolution for that monitor. Making 
the second monitor an extension 
of the first also allows you to use 
the Presenter Console. 

Before you begin, make sure 
that the slide show is set to show 
on the second screen. You can 
check this in the menus, Slide Show 
> Slide Show Settings. Under 
Multiple Displays, select the 
monitor you want the presentation 
to appear on. This option is 
available only when you have 
multiple monitors. This setting 
does not save with the 
presentation document but in the 


Impress settings. 

When you start your 
presentation (Slide Show > Start 
from first Slide), the Presenter 
Console will appear on your non- 
presentation monitor. The default 
mode shows the current slide, the 
next slide, and the control bar. The 
current slide keeps you up to date 
on what is showing on the 
presentation screen, so you don't 
have to look behind you or away 


from your notes to see what your 
audience sees. This is especially 
important when you have 
animations that bring your points 
up one at a time on the slide. The 
next slide shows you the complete, 
finished slide that comes after the 
current one. The control bar is the 
main component of the console. In 
the bar you can change between 
the different modes, switch slides, 
view notes or slides, or swap the 
views on the monitors. 


Multiple Displays 


Presentation display: Auto External (Display 2 ) 


OK 


Cancel 


Help 
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The previous and next buttons 
move you through the slides. The 
previous button moves the 
presentation to the start of the 
previous slide. The next button 
moves you forward to the next 
animation, or, if there are no more 
animations on the current slide, 
the next slide. I hardly use these. I 
usually use the spacebar to move 
forward and the backspace to 
move backward. The choice is 
yours, and these buttons work 
great if you want to keep your 
hands on a mouse. 

The Notes button switches the 
display to notes mode. In notes 
mode, you get a smaller version of 
the current slide, and the next 


slide moves to a position 
underneath it. The right side of the 
console displays any notes for the 
current slide. This mode is very 
helpful when you have a lot of 
notes in your presentation, which I 
highly recommend you do when 
giving a presentation for the first 
time. The + (plus) and - (minus) 
buttons allow you to change the 
size of the text in the notes. 

Ideally, your notes will fit on the 
screen, but sometimes, you need 
more notes. Adjusting the size 
allows you to find that happy spot 
between readability and max 
coverage. You get a scroll bar when 
the notes are too long to fit in the 
note window. The close button 
closes the notes and returns you to 
the default mode. 
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The slides button on the control 
bar pops up a display of all the 
slides in the presentation. You can 
use the scrollbar to scroll through 
your slides until you find the one 
you need. When you select a slide, 
the slide shows on the main 
presentation monitor. Click the 
close button to return to the 
previous view mode (default or 
notes). This comes in handy when 
someone brings up a topic you 
have already discussed, and you 
want to go back to the slide where 
the topic was discussed. I find 
myself doing this from time to 
time, and the slides screen is much 
faster than using the previous 
button. 


In the center of the control bar 
are the clock and timer. I use the 
timer to keep track of how much 
time I have spent on the current 
presentation. Am I moving too 
fast? Do I need to slow down? Do I 
need to get on with it? The clock is 
also useful for the same thing. 
Gotta be finished by noon? 

Knowing what time it is without 
looking at your watch or phone 
sure does help. The clock and timer 
are helpful for keeping on 
schedule. 

The Exchange button allows 
you to swap the monitor displays. 
Not sure why you would want to 
do this, but it is there as an option. 

I guess if, in a pinch, you got your 
displays backwards, you could 
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swap the monitors to get things on 
the right displays. Or you needed 
to show the presenter screen to 
your audience? I'm really not sure 
why it exists, but it is there should 
you ever need it. I'm sure it will 
save someone somewhere some 
embarrassment some day. 

The last button on the control 
bar is the Help button. Clicking 
Help brings up a list of all the 
keyboard shortcuts for the 
console. When giving 
presentations, I find the podium is 


not big enough for me to have a 
mouse, and I'm not very fond of 
laptop mousepads. Keyboard 
shortcuts make it much easier to 
navigate. There are a few, but it's 
not so many that you can't 
memorize them. For next and 
previous, I recommend you find 
the pair that works best for you 
and use it. I use the spacebar for 
next and backspace for previous. 
The forward and backward 
relationship makes them easy for 
me to remember. The right and left 
arrows also make sense for the 


same reason. The CTRL-1 (standard 
view), CTRL-2 (notes view), and 
CTRL-3 (slides view) makes it quick 
and easy to switch between the 
different views. B blacks out the 
screen. Use it during breaks, or to 
divert the audience's attention 
elsewhere. Press B again to bring 
the screen back. W does the same 
thing, only it whites out the screen. 
Press ESC at any time to end the 
slide show. If you know the number 
of the slide you want to jump to, 
enter the number and press Enter. 
Home takes you to the first slide, 
and End takes you to the last one. 

G and S grow and shrink the size of 
the notes text, and H and L move 
the cursor in notes view backward 
and forward. 

The Presenter Console in 
Impress is a handy control center 
for anyone giving a presentation. 
The screen always lets you know 
the current status on the 
presentation monitor and shows 
you the next slide in the 
presentation. The control bar gives 
you access to all the features of 
the console. The notes mode 
shows you the notes for the 
current slide. The slides mode 
allows you to quickly switch to any 
slide in the presentation. The help 
button gives you a reminder of the 
17 
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keyboard shortcuts for the 
console. The Presenter Console 
keeps the presenter in control of 
the presentation. 


Elmer Perry's history of working, 
and programming, computers 
involves an Apple ][E, adding some 
Amiga, a generous helping of DOS 
and Windows, a dash of Unix, and 
blend well with Linux and Ubuntu. 

He blogs at 

h ttp://e eDerrv.wordpres s.c om 
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Written by John 


N ow that that our Linux VM is 
built, we must add security 
for better server protection; this 
will be accomplished by using the 
Linux firewall capabilities. 
Afterwards, we will install a web 
server and set up additional 
security on the web server. 

Today we will focus on the 
Linux firewall. We will use iptables, 
standard Linux firewall 
functionality. 

A Firewall is basically a set of 
rules. As best practice, we'll use 
the "deny access" default rule - 
this means that unless specified 
otherwise, an incoming network 
packet will be dropped. 

External access to our server 
will be allowed under: 

• SSH - for remote control 
• HTTP -server web pages (our 
website) 


Right now, anybody can try 
connecting to our server via SSH. 
Obviously, that will not be possible 
without the private key; however, 
we'd like to limit who can even try 


Website With Infrastructure Pt. 2 


to connect to our server - this is 
just best practice and limits access 
to any additional potential hacks. 

For example - let's suppose you 
live in the US - it's probably a good 
idea to allow SSH connections only 
from the US (any SSH connection 
attempt from outside the US is not 
legitimate - it's not you!!! - so it 
should be banished). 

In addition, we may decide we 
will not do business with specific 
countries - we will block any web 
access (HTTP) from these 
countries. In my example, I will 
choose Canada (note here - this is 
only an example, there is 
absolutely nothing wrong with 
Canada what.so.ever - 1 am just 
choosing a country which is a 
Democracy, this way, I know I won't 
get into trouble!!!). 


and will definitely help keep 
hackers away. 

Without getting into too much 
detail, the firewall rules can be set 
for incoming, outgoing, and 
forward connections. 

Since we are not forwarding 
anything, we will just set rules for 
incoming (most important), 
outgoing (more later on why) and 
ignore forwarding (by default 
forwarding is disabled in the kernel 
anyway). 

Step by step now 

Quick reminder: only sudo (or 
root) can set up firewall rules. To 
switch to root, I recommend 
typing: 

sudo su 


by default. (Centos & Suse do for 
sure - not totally sure about 
Ubuntu). 

We will reset any rules so we 
can start from scratch: 

iptables -F 
iptables -X 

And by default DROP any 
incoming connections: 

iptables -P INPUT DROP 

2 - Allow local 

CONNECTIONS (TO 

localhost): 

iptables -A INPUT -i lo -p 
all -j ACCEPT 

iptables -A INPUT -m state — 
state RELATED , ESTABLISHED -j 
ACCEPT 

3 - Block incoming 

CONNECTION IF IT 
ORIGINATES FROM A SPECIFIC 

country: 

contents ~ 


Please note that checking the 
incoming country is not foolproof 
- the source connection can spoof 
the IP address (or just VPN into a 
server from an unblocked country) 
Anyway - this is good protection 
against automatic bot scanners 
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1 - Reset any firewall 
RULE AND DROP ANY 
INCOMING connections: 

Most distributions come with 
some type of firewall rules set up 
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There are several ways to check 
the country-of-origin of an 
incoming connection: 

• iptables geoip 

• loading country blocks into ipset 

iptables with geoip is based on 
xtables-addons, which is an 
extension of iptables. This works 
pretty well. However, it's not really 
a "standard" - meaning xtables is 
not delivered with some 
distributions (requires compile 
from sources & install). For 
example, I was unable to make this 
work with Arch Linux on ARM 
architecture (not saying it is not 
working, just saying I was unable to 
make it work - big difference!). 

ipset is a companion application 
to iptables - it can load in-memory 
ranges of IP addresses, and 
iptables can leverage ipset to test 
if an IP is within this range. 

As geo-localization, I will 
choose ipset -which seems to be 
available as a packaged install to 
any distribution I have tried so far. 

sudo apt-get install ipset 

Let's summarize what we want 
to achieve here: 

• Get the IP range block we want to 


forbid (country based). 

• Load that range into ipset. 

• Add an iptable rule which checks 
if source is within that range 
(Canada in our example). 

• If yes, block. 

• If not: 

• • Allow if target is HTTP (a web 
page). 

• • If target is SSH, we must also 
check country of origin is USA 
(same as above - with ipset). 

I hope you follow me here!!! 

IP blocks by country can be 
found here: 

http://www.ipdenv.eom/ipblocks/d 

ata/aqqreqated 

We'll get the blocks of US and 
Canada - either download the file 
or use wget: 

wget 

http : //www . ipdeny . com/ipblock 
s/data/aggregated/ca- 
aggregated. zone 

wget 

http : //www . ipdeny . com/ipblock 
s/data/aggregated/ca- 
aggregated. zone 

Now load the blocks into ipset's 
memory: 

Create an ipset bucket called 
myset_CANADA: 
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ipset create myset_CANADA 
hash : net 

Load the blocks corresponding to 
Canada into myset_CANADA: 

for i in (cat ca- 
aggregated. zone) ; do ipset 
add myset_CANADA $i; done 

Same for US block range: 

ipset create myset_US 
hash : net 

for i in (cat us- 
aggregated. zone) ; do ipset 
add myset_USA $i; done 

Now we'll block anything 
coming from Canada (conjunction 
of iptables & ipset): 

iptables -A INPUT -m set — 
match-set my set _C AN AD A sre -j 
DROP 

If the rule above is hit, the 
connection is dropped (-j DROP 
does that) and we exit the firewall. 

4 - If WE GET UP TO HERE IN 
THE FIREWALL CHAIN 

We can accept any HTTP 
incoming connections: 

iptables -A INPUT -p tep — 
dport 80 -j ACCEPT 
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If rule above is hit (meaning 
"true"), the request is accepted (-j 
ACCEPT) and we exit the firewall. 

5- If WE GET TO HERE 

The source is not coming from 
Canada and it's not an HTTP 
request. If the request in not SSH, 
drop the request and exit the 
firewall: 

iptables -A INPUT -p tep ! — 
dport 22 -j DROP 

6 - If we've got this far 

It is a SSH request (and not 
from Canada). Let's check if the 
source country is allowed (USA in 
our example). 

Before accepting, let's write 
into the system log that access to 
port 22 has been granted. We will 
log this information into 
/var/log/messages (default system 
log file). Logging is important for 
security reasons - by running 
statistics on /var/log/messages you 
will find out who tried to access 
your system. Note that we do not 
track who has connected but who 
tried to connect: 
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iptables -A INPUT -j LOG — 
log-pr-efix "Accepted SSH " — 
log-level 7 

iptables -A INPUT -m set — 
match-set myset_USA src -j 
ACCEPT 

Just in case we missed 
anything, any connection arriving 
to the command above will be 
dropped (remember- we drop 
everything by default unless 
specified otherwise): 

iptables -A INPUT -j DROP 

It's not mandatory - but we can 
add some additional security to 
the above rules. 

Let’s imagine that somebody 
really wants to hack your system 
by trying every combination of RSA 
key possible - that is called a 
brute-force-attack. No worries - 
with a 10K RSA key, it is probably 
not possible (note the word 
probably- when talking security, 
you cannot ever be sure!). 

There is something we can do 
about that - if a specific IP tries to 
connect more than x times (let’s 
make it 5) to our server on port 22, 
we can temporarily ban that IP 
address for a few minutes - let’s 


make it 5 (300 seconds). So this 
means that an attacker can 
potentially try 5 combinations 
every 5 minutes. As you probably 
understand, brute force will not 
work at this pace!!! 

Below, we’re telling iptables to 
keep track of connections to port 
22 for 300 seconds. If a (failed) hit 
count gets to 5, the connection is 
denied for the next 5 minutes: 

iptables -A INPUT -p tcp -m 
tcp — dport 22 -m state — 
state NEW -m recent — set — 
name DEFAULT — rsource 

iptables -A INPUT -p tcp -m 
tcp — dport 22 -m state — 
state NEW -m recent — update 
— seconds 300 — hit count 5 — 
name DEFAULT — rsource -j 
DROP 

Then, follow these with the 
same block-rules as before: 

iptables -A INPUT -j LOG — 
log-prefix "Accepted SSH " — 
log-level 7 

iptables -A INPUT -m set — 
match-set myset_USA src -j 
ACCEPT 

iptables -A INPUT -j DROP 

Careful - this rule also applies 
to yourself! 


More about logging and 
checking who tried to access the 
system... 

This command will display any 
SSH connection attempt to your 
system: 

cat /var/log/messages | grep 
"Accepted SSH" 

You will quickly get a hefty 
output ("quickly" means minutes of 
server up-time), which will not be 
easy to read. 

This revised version is probably 
more useful and will give the list of 
unique IP attempts - sorted by 
number of connection attempts: 

cat /var/log/messages | grep 
"Accepted SSH" | awk -FSRC= 
'{print $2 > ' | awk '{print 

$1}' | sort | uniq -c | sort 

-n 

A quick explanation of above 
command: 

• It outputs the content of the file 
/var/log/messages. 

• It keeps only lines where the 
keywords "Accepted SSH" exist. 

• It grabs the text following the 
keyword SRC= (IP address of 
incoming connection). 

• It sorts the list. 


• It gets only the unique IPs, but 
counts the number of occurrences 
of each unique IP. 

• It sorts descending as numbers 
(sort -n). 

The goal of this article is 
firewall and security. However, I 
strongly believe that security and 
scripting go hand-in-hand. Logging 
intrusion attempts is great but not 
using the data is useless. As you 
can see, a quick shell command 
was able to provide very useful 
information - extremely quickly. I 
can now, for example, ban the 
topmost 10 IPs who tried to log in 
to my system. 

The following command will 
ban the IP 10.10.10.10 by inserting 
the rule on top of all rules (-1 INPUT 
1 ): 

iptables -I INPUT 1 -s 
10.10.10.10 -j DROP 

Have fun and please make sure 
not to ban... yourself! 

7 - Output rules: 

Many times, firewalls will 
enforce rules only for incoming 
connections- meaning they'll 
allow wide-open output traffic. 
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This is not a good practice - 
imagine that a hacker gets to your 
computer and is able to install 
server software which could then 
create a tunnel via a random port 
to the attacker's server and 
therefore provide full access to the 
attacker. 

We will also close this loophole. 
Basically we will allow outgoing 
access to: 

• SSH (for our remote access), this 
is TCP port 22. 

• HTTP and HTTPS (for web pages), 
these are ports 80 and 443. 

• DNS (so our requests can be 
resolved!), this is port 53. 

You probably got the point: 

• By default, DROP any output 
connections, unless we specifically 
tell otherwise. 

• Allow connection to localhost 
(the server itself). 

• Allow SSH, DNS, HTTP & HTTPS. 

iptables -P OUTPUT DROP 

iptables -A OUTPUT -o lo -p 
all -j ACCEPT 

iptables -A OUTPUT -m state 
— state RELATED, ESTABLISHED 
-j ACCEPT 

iptables -A OUTPUT -p tcp — 
dport 22 -j ACCEPT 


iptables -A OUTPUT -p udp — 
dport 53 -j ACCEPT 


iptables -A OUTPUT -p tcp — 
dport 53 -j ACCEPT 


iptables -A OUTPUT -p tcp — 
match multiport — dports 
80,443 -j ACCEPT 


iptables -A OUTPUT -j DROP 


Let's put all this together... 

First build the block of IP 
addresses. Run all below as root 
(orsudo): 


a pt-get install ipset 
wget 

http : //www . ipdeny . com/ipblock 
s/data/aggregated/ca- 
aggregated. zone 

wget 

http : //www . ipdeny . com/ipblock 
s/data/aggregated/us- 
aggregated. zone 


Now let's clean all firewall rules: 

iptables -X 

And make sure all rules were 
really deleted - you should see 
this: 

Then add the firewall rules in a 
text file (see box on next page). 

In order to test this out, I would 


recommend the following: 

• Use wget to get the blocks of IPs, 
and keep the files. 

• Copy / paste the code above to a 
shell file (text file with extension 
.sh and make it executable with 
chmod +x [filename]). 

• Run the file. For my example, I'll 
call this file 

/usr/local/sbin/firewall.sh 

You should now have the 
firewall fully loaded and 
operational. 

IMPORTANT - iptables -F resets 
the firewall and locks your ssh 
session out! 

When you run the file, your 
terminal will be "locked". This is 


because we reset the firewall by 
blocking all rules by default. Just 
try connecting again to iceberg 
from another terminal. If it works - 
you should be all set, but, if you 
cannot, stop and restart the VM 
from the Digital Ocean panel. After 
the restart, the rules are not 
loaded, so you can fix that 
problem: For example, I allowed 
the US IP blocks because I live in 
the US, did you load the right 
blocks of IPs from where you live? 

I will now suppose everything 
worked well - we will then set both 
scripts to run at startup. 

In ubuntu 14.04, edit and add 
both files to /etc/rc.local (shown 
below). 


#! /bin/sh -e 

# 

# rc. local 

# 

# This script is executed at the end of each multiuser rumlevel. 

# Make sure that the script will “exit 0" on success or any othc 

# value on error. 

# 

# In order to enable or disable this script just change the exec 

# bits. 

# 

# By default this script does nothing. 


sleep 10 

/usr/local/sbin/firewall.sh 


exit 0 
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Note the sleep 1 0 - we're 
telling iceberg to wait 1 0 seconds 
before running our scripts - this is 
to ensure that the network is up & 
running before we set up the 
firewall. 

I know a few of you may find 
the sleep 10 not optimal and 
would rather use upstart's 
dependencies rules. I personally 
think it is too much trouble and 
safe enough (even if somebody 
connects in those 10 seconds, he'd 
be locked by the iptables -F) - not 
to mention that upstart seems to 
be end-of-life software (even 
Canonical decided to switch to 
systemd in newer Ubuntu versions 
- this doesn't mean I support or 
not systemd, I am just noting 
Canonical's decision). 

Anyway, during your next 
reboot, you should be 
automatically all set, with a system 
pretty well protected against 
intrusions. 

If you'd like to confirm the 
scripts have been properly 
executed at startup, as root run 
this: 


iptables -L 


# ! /bin/bash 

# Load the ipset rules 

ipset create myset_CANADA hash: net 

for i in $ (cat ca-aggregated. zone) ; do ipset add myset_CANADA $i; done 
ipset create myset_USA hash: net 

for i in $ (cat us-aggregated. zone) ; do ipset add myset_USA $i; done 
iptables -F 
iptables -X 

# Input rules <== this is comment 
iptables -P INPUT DROP 


iptables -A INPUT -i lo -p all -j ACCEPT 

iptables -A INPUT -m state — state RELATED, ESTABLISHED -j ACCEPT 
iptables -A INPUT -m set — match-set myset_CANADA src -j DROP 

iptables -A INPUT -p tcp — dport 80 -j ACCEPT 

iptables -A INPUT -p tcp ! — dport 22 -j DROP 

iptables -A INPUT -p tcp -m tcp — dport 22 -m state — state NEW -m recent — set — name DEFAULT — rsource 

iptables -A INPUT -p tcp -m tcp — dport 22 -m state — state NEW -m recent — update — seconds 300 — hitcount 5 

— name DEFAULT — rsource -j DROP 

iptables -A INPUT -j LOG — log-prefix "Accepted SSH " — log-level 7 

iptables -A INPUT -m set — match-set myset_USA src -j ACCEPT 

iptables -A INPUT -j DROP 

# Output rules <== this is a comment 
iptables -P OUTPUT DROP 

iptables -A OUTPUT -o lo -p all -j ACCEPT 

iptables -A OUTPUT -m state — state RELATED, ESTABLISHED -j ACCEPT 
iptables -A OUTPUT -p tcp — dport 22 -j ACCEPT 

iptables -A OUTPUT -p udp — dport 53 -j ACCEPT 

iptables -A OUTPUT -p tcp — dport 53 -j ACCEPT 

iptables -A OUTPUT -p tcp — match multiport — dports 80,443 -j ACCEPT 
iptables -A OUTPUT -j DROP 


and you should get the firewall 
rules displayed on the screen. 


Next month, we will install 
Apache (Web server) and secure 
Apache. 
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HOW-TO 

Written by Mark Crutch 


Inkscape - Part 41 


A fter last month's special 

celebratory detour, we return 
to finish the subject of aligning and 
positioning objects in Inkscape. 
We've already seen a variety of 
approaches, from grids and 
snapping through to tiled clones 
and the Align and Distribute 
dialog, but we still have two 
dialogs to consider. They both live 
near the bottom of the Object 
menu: "Transform...", and 
"Arrange..." ("Rows and Columns..." 
if you're still using 0.48.x). 

The Transform dialog provides a 
more precise approach to moving, 
scaling, rotating and skewing 
objects when compared with 
simply dragging the selection 
handles using the mouse. In the 
world of SVG, every object can 
have a transformation applied to 
it. Rotate or skew an object, then 
look at it in the XML editor and 
you'll see that there's no obvious 
"rotate" or "skew" attribute, but 
rather a single "transform" 
attribute which holds a matrix that 
defines the cumulative effects of 
any transformations you may have 
applied. The details of this matrix 


are a little too mathematically 
intense for this series, but it's 
enough to know that each object 
can have its own matrix applied, 
and that a single matrix can 
combine the effects of moving, 
scaling, rotating and skewing into a 
single set of numbers. The 
Transform dialog is essentially a 
more user-friendly way of 
tweaking that matrix. 

On opening the dialog from the 
menu, or using the CTRL-SHIFT-M 
shortcut, you'll be presented with 
a simple interface featuring a 


handful of tabs, each with just a 
few fields. This dialog has seen 
little change between 0.48 and 
0.91. 

The fields on the Move tab 
allow you to move your selected 
objects by a specific distance, 
when the "Relative move" 
checkbox is enabled. Disable this, 
and you can move your objects to 
absolute x and y coordinates. In 
addition, the current absolute 
coordinates are displayed in the 
fields. With 0.91 , just about every 
spinbox in Inkscape lets you enter 


simple calculations, so there's a 
good argument for never enabling 
this checkbox in that version. Want 
to move your shape 50 pixels to 
the right? Just append "+50" to the 
number in the "Horizontal" box, 
then hit Return and watch the field 
update with the newly calculated 
value. 

Positions and movements are 
based on Inkscape's own 
coordinate system which has the 
positive y axis running upwards 
from the bottom of the page 
(remember, this is the opposite of 
SVG's coordinate system, which 
has the origin at the top left, with 
the positive y-axis running 
downwards). Similarly, the 
selected objects are placed such 
that the bottom left corner of the 
bounding box is at the specified 
coordinates, with no option to use 
a different corner, or even the 
center of the box as the reference 
point. 

The "Apply to each object 
separately" checkbox is effectively 
the opposite of the "Treat 
selection as group" checkbox in 
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the Align and Distribute dialog. If 
you select multiple objects and 
leave this un-checked, then the 
transformation will be applied as 
though all the objects were 
grouped. With it checked, each 
object is individually transformed. 
When relatively moving things, 
there's little difference, but, for an 
absolute move, it results in all the 
items being placed at the same 
position on the page. It's also 
particularly relevant when using 
the other tabs, where the results 
can differ significantly due to the 
state of this checkbox. Consider 
the Rotate tab: there's a huge 
difference between rotating a 
group of separate objects and 
rotating each object individually. 

The Scale, Rotate and Skew 
tabs in this dialog really need no 
additional explanation as the fields 
are all straightforward to 
understand. It's important to note, 
however, that only the current 
tab's values are used when the 
Apply button is clicked. You can't 
queue up a collection of 
movement, rotation and skewing 
to apply as a single operation, but 
instead have to press the button 
with the Move tab to the fore, then 
again with the Rotate tab selected, 
and so on. 


On the subject of the Rotate 
tab, there has been a slight change 
with version 0.91: this release adds 
buttons to determine whether 
rotations should be clockwise or 
anti-clockwise. The corresponding 
field accepts both positive and 
negative values in either release of 
Inkscape, so the buttons just make 
the existing functionality more 
obvious, rather than adding 
anything new. 

The last tab, Matrix, allows you 
to directly manipulate the six 
values in the SVG matrix 
transformation. With the "Edit 
current matrix" checkbox enabled, 
you can modify the transform 


that's currently being applied to 
the selected element, if there is 
one. With this unchecked, any 
changes you make in this tab will 
be mathematically combined with 
the existing matrix to produce a 
new, cumulative matrix. If you are 
mathematically inclined, and wish 
to play around with this tab, I 
recommend reading the SVG 
specification for coordinate 
systems and transformations: 
http://www.w3.org/TR/SVG/coords 

.html 

It's worth noting that SVG's 
transform attribute does allow for 
a series of individual translate(), 
scale(), rotate(), skewX() and 


skewY() functions to be used, 
rather than just the matrix() 
operation that combines them all. 
From an authoring perspective, it 
would be far nicer to store a 45° 
rotation in the SVG file as 
rotate(45), rather than 
matrix(0.707, 0.707, - 
0.707,0.707,0,0), but there's no 
option in Inkscape to do that, 
unfortunately. 

The last feature we'll consider 
in this part of the series is the 
dialog that can be found via Object 
> Rows and Columns... (0.48) or 
Object > Arrange... (0.91). The 
latter lays the interface out a little 
more neatly and adds a second tab, 
so I'll describe that version. 0.48 
users should be able to work out 
the differences in the first tab, but 
you'll just have to look on in envy 
when I describe the Polar 
Coordinates options in the second. 

Let's start by creating a few 
objects to arrange. I've 
deliberately used different sizes, 
and semi-randomly placed them. 
I've numbered them from left to 
right, top to bottom, to make it 
easier to see which object moves 
where - once they're arranged 
using the dialog. 

contents ~ 
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On selecting these nine objects 
and opening the dialog, it's 
possible to set various 
combinations of rows and columns, 
ranging from 1 x9 to 9x1 . These 
fields are dynamic: as items are 
added to, or removed from the 
selection, the rows and columns 
will change; similarly as each field 
is manually altered so the other 
will change to ensure that you 
don't end up with an impossible 
combination for the number of 
elements that are selected. In this 
example, I've set the arrangement 
to 3 rows by 3 columns. 

You can think of this dialog as 
creating a number of conceptual 
cells which are arranged in rows 
and columns, then your objects 
placed within them. They're 
"conceptual" in that they're never 



really created, or drawn, on the 
canvas, but serve as a tool to more 
easily describe how Inkscape 
arrives at its final layout. The 
height of each cell is determined 
by the height of the tallest object 
in the row, and the state of the 
Equal Height checkbox. If left 
unchecked, then the height of each 
row is free to change to suit the 
tallest object within it; if checked, 
all the rows will be the same 
height, equal to the tallest object 
in any of the rows. An analogous 
calculation is carried out to 


determine the width of each cell, 
too. 

With the dimensions of each 
cell calculated, they are now 
distributed into their final 
positions. If the "Fit into selection 
box" radio button is active, they 
are evenly distributed to fit within 
the dimensions of the original 
selection's bounding box. This 
gives you the ability to distribute 
the objects within a specific area 
by carefully positioning two 
opposing corner objects. 

Alternatively you can select the 
"Set spacing" option, and enter 
values for the X and Y fields. In this 
mode the cells will be arranged 
with the specified amount of space 
between the columns (X value) and 
rows (Y value). These numbers can 
be negative if you want to make 
the cells overlap. Note that 0.48 
allows these numbers to be 
specified only in pixels whereas 
0.91 , as you can see from the 
screenshot, has a pop-up menu 
from which to choose different 
units. 

With these imaginary cells 
conceptually placed on the canvas, 
it's finally time to move your 
objects into them. The "Alignment" 
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buttons let you define how to 
place each object within its cell, 
allowing for any of nine relative 
positions (though you'll probably 
just use the center button most of 
the time). Note that 0.48 had the 
same nine possibilities available, 
but laid out as a pair of three- 
option radio buttons which 
specified the horizontal and 
vertical alignments separately. 

Having distributed our virtual 
cells, and aligned the objects 
within them, the result is 
something like this: 

Q 

Q 

s 



It's important to understand 
how Inkscape chooses the order 
for the arrangement. Whereas 
other parts of the application use 
an object's z-index or selection 
order, this dialog is only concerned 
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with the placement of the objects 
on the canvas. They're ordered 
from left to right, top to bottom, 
and laid out in the same way. You 
can see this effect quite clearly if I 
move the blue "8" object up a 
little, leaving its z-index the same, 
then reapply the arrangement: 

Because the objects are laid out 
from left to right, top to bottom, 
some arrangements can lead to an 
empty space in the bottom right 
corner. Here are the same nine 
objects in a 2x5 arrangement: 


OOQ 


Note that there's no way to get 
the blank space to be anywhere 
other than the bottom right cell. If 
you want a different alignment 
you'll have to manually alter the 
results afterwards. It's also not 
possible to have more than one 
blank cell - the dynamic nature of 
the Rows and Columns fields will 
stymie any attempts. Trying to put 
these nine objects into a 2x6 
arrangement, expecting six objects 
on the top row, and three on the 
bottom, just leads to the same 
result as before and the fields 



0 


adjusting themselves to 2x5. 

The second tab of this dialog 
allows you to place objects in a 
polar arrangement. You can either 
draw a circle, ellipse or arc as a 
guide on which to place your 
objects, or you can enter the 
parameters for such a shape within 
the dialog itself. 



The easiest way to do this is to 
draw a target shape (circle, ellipse 
or arc) that you wish to place your 
objects on. Send it to the bottom 
of the z-order, then select all the 
objects you wish to arrange plus 
the target itself. Ensuring that 
"First selected..." is active, click the 
Arrange button. With our previous 
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selection of nine rounded 
rectangles, and a grey ellipse as 
the target, the result is something 
like this: 



As you can see, the objects have 
been arranged anti-clockwise, 
starting from the top right. To 
make them run clockwise from the 
top left, flip the ellipse 
horizontally first. For clockwise 
from the bottom right, flip it 
vertically. For anti-clockwise from 
the bottom left, flip it both 
horizontally and vertically before 
creating the arrangement. 

If the target object is your only 
circle, ellipse or arc in the 
selection, it doesn't really matter 
whether you use the "First 
selected..." or "Last selected..." 
option. If you do have more than 
one, however, you should ensure 
that you select the target first, 
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then add everything else to the 
selection ("First Selected...") or 
select everything else, then add 
the target to the selection ("Last 
selected..."). 

If you don't wish to create an 
additional object on the canvas to 
use as a target, the 
"Parameterized" option reveals 
additional fields (shown in the 
screenshot) to let you specify the 
details of the target arc to use. 
Realistically, it's almost always 
easier to draw an arc on the canvas 
to use as the target. You'll get 
visible feedback as to where your 
objects will be placed, and you can 
simply delete the arc once your 
arrangement is done, if you don't 
want it left in the drawing. 

The specific position of each 
object on the target shape is set 
using the "Anchor point" section in 
the top half of the dialog. You can 
specify one of nine positions on 
the object's bounding box - so 
choosing the top-left button, for 
example, would position the 
objects such that the top-left 
corner of each individual bounding 
box is placed on the target. The 
center button is the most common 
choice here, and is the one I used 
for the previous image. An 


interesting alternative is to use the 
"Object's rotational center" option. 
This will position each object so 
that its rotational center is placed 
on the target, allowing you a finer 
degree of control over the 
placement of each individual 
object. 

The "Rotate objects" checkbox 
determines whether your objects 
will be rotated when they are 
arranged, or left with their original 
orientation. The previous image 
was made with this checked; had it 
been left un-checked, all of the 
positioned objects would have 
retained their original orientation, 
such that the numbers would all 
have been the right way up. 

There's a small bug that you 
may have to work around: whilst 
writing this article, I found that the 
Polar mode would occasionally 
place all my objects on top of each 
other, rather than spacing them 
out around the target shape. I was 
able to reliably fix this by undoing 
the placement, then shifting the 
target object up (SHIFT-Up arrow), 
then back down to its previous 
position (SHIFT-Down arrow), 
before repeating my arrangement 
attempt. 

That concludes our look at the 
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myriad ways in which you can 
arrange and position objects within 
Inkscape. Amongst them there 
should be something to suit most 
artistic requirements. From 
snapping to grids, tiled clones to 
polar arrangements, Inkscape has 
far more ways to position your 
shapes than initially meets the eye. 


CD 

Mark uses Inkscape to create three 
webcomics, 'The Greys', 'Monsters, 
Inked' and 'Elvie', which can all be 
found at 

h ttp://w ww.peppertop.com/ 
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ARDUINO 

Written by Ronnie Tucker 


O K, so this article isn't actually 
about the Arduino itself, but 
it is about electronics. So it's 
certainly relevant. 

Weekly/monthly boxes are 
nothing new. There are boxes for 
everything from crafts to snacks, 
and everything in between, but 
Tron-Club is doing something quite 
unusual: a monthly electronics box. 

Tron Box One 


The website 

(http://www.tronclub.com/) is a bit 

confusing at times, but I decided to 
take the plunge and give it a go 
anyway. 

The prices are quite reasonable 
at £1 1 per month (€1 4/$1 4) not 
including postage. 

The first box comes with a 
whole bunch of components and a 
small booklet. Everything from a 



Tron-Club Electronics Box 
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small motor, resistors, capacitors, 
chips, battery, and even a small 
plastic wheel are at your disposal. 
Of course, you also get a small 
breadboard for plugging 
everything into. 

The whole idea of the box is to 
ease you into electronics and guide 
you on your way to creating ever 
more complex circuits. 

The Booklet 

The booklet is your guide. It 
contains 22 circuits that you can 
build using the given components. 


It starts off easy with some basic 
resistor and LED stuff, working up 
to relay switches, a basic IR 
transmitter/receiver circuit, all the 
way to logic gates with a 555 chip. 

The little booklet is well done, 
showing both a breadboard layout 
(easy on the brain) or a proper 
circuit diagram (for the real nerd in 
you). Below them are a couple of 
information boxes that give you 
help and advice. 

Conclusion 

Sure, you can buy a big pile of 


Table of 

Welcome, Safety 
Insfruclions Explanation 

1. An LED end Resistor 

2 . Powering LEDs in series 

3. Powering LEDs in Pars Mel 

4. An LED an d Photo resistor 

5. Charging a Capacitor 

6. Capacitors in Parallel 

7. Dropping the voltage 

8. A Relay Switch 

i. A Semiconductor (Transistor) 

10 . Infrared Receiver and Transmitter 


*5V Re| ay f 

■ p UBh Butlofta * 


11. Flashing LEI 

12. 555 Timer with I 

13. Triggered (Me 

14. LED Wave with a i 

15. NAND switch I 
16 NOR switch I 

17. 74LS27 NOR ( 

18. NAND & 555 

19. NOR & 555 Timer 

20. NOT switch with 1 

21. Pulsating Motor with I 

22. Photoresitor & IR i 


-* t ■■■ " 


components for £1 1 these days, 
but the good thing about Tron- 
Club is that it's also trying to build 
a little community around it where 
you can get help and advice. The 
forum 

(http://www.tronclub.eom/forum/f 

orum-4.html) is a bit sparse at the 
moment, but this is the first box, 
and I'm sure it'll grow over time. 

Definitely worth it, in my 
opinion, and I look forward to the 
next box. 


Site: http://www.tronclub.com 
full circle magazine #101 30 


Ronnie is the founder and (still!) 
editor of Full Circle. He's a part-time 
arts and crafts sort of guy, and now 
an Arduino tinkerer. 
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CHROME CULT 

Written by S. J. Webb 


Apps & Extensions 


S ince the Chrome OS is so 

streamlined and minimal, apps 
and extensions are needed. The 
Google Ecosphere improves with 
these little programs that operate 
in the browser: 

An app can be defined as 
software that has a dedicated user 
interface but it is simpler in nature 
than a typical desktop program. 

An extension is a program that 
provides functionality, but has no 
or little dedicated user interface. 


» chrome web store 


Both of these programs 
operate within the browser. Apps 
will stay locally on the SSD. 
Extensions are tethered to your 
Gmail account and will appear on 
any Chrome browser. 

Since we use Linux, we naturally 
look for the free app or extension. 
However caution is needed when 
choosing apps or extensions. 
Oftentimes, you trade your online 
privacy for "free apps or 
extensions." So, in that sense, they 
are not free. You can add apps and 



extensions only through the 
Chrome Web Store. Some of these 
programs will work offline, but not 
all. 

Let's take a look at how we add 
an app or extension to the Chrome 
OS. The easiest way is to access the 
Chrome Web Store via 

https://chrome.qooqle.com/webst 

ore/cateqory/apps?utm source=ch 

rome-ntp-icon . 

Once you are at the webstore 
you can query the type of 


extension or app needed. Let's 
start with an example. I entered 
grammar in the search bar. A list of 
apps and extensions populated on 
the screen. I chose Grammarly 
extension based on the high 
number of positive reviews. 

However it turns out Grammarly 
does not work with Google Docs! I 
wanted this extension to interact 
with Google Docs. So I choose to 
remove. The best way to remove 
this app is by going through the 
menu in the Chrome Browser 


m. chrome webstore 

grjfnmjrty 

*Honrae! 

AppE 

fKlwnsjpn? 

Theme* 

Runs Offline 
3 y Guujle- 
free 

Available- for Android 
Wfrlrt with Garble Drive 

***** 
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Grammarly Spell Checker & Grammar Checker 
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Wordpress Site Manager 

EbllGenlu* 

This extension store* Word press- sites. Ft al*o brings more functionality to tf 
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selecting more tools and then 
extensions.. The extension list will 
populate. I then clicked the trash 
can by Grammarly. I then added 
the After the Deadline extension 
from the webstore. 

The apps and extensions will 
detail the interaction level it will 
have on the Chrome OS. I have 
varying apps on my Chromebook 
to improve my productivity. I have 
more extensions than apps. The 
Chrome Show suggested One Click 
Extension Manager as a means of 
corralling the various apps at a 
time. I find this extension manager 
extremely useful. 

The authors of the apps or 
extensions have an interface to 
help resolve issues online in the 


Jgf Avast Antivirus 201 5 



ADD TO CHROME 

f VISIT WEBSITE 1 

Offered by vensemxon 

*++* ft 37) Productivity 



OVERVIEW REVIEWS RELATED 


G+l 


User Reviews English f United States) T 


Hclprul Recent Rate this application 


agy n h ez Noguelra Modi Med Aug 3Q r 20 1 5 * * * 

GOOD 


CREATf A PROFILE TO RATE 


Was this review helpful? Yes No Mark as spam 


mob bee Modified 2 days ago ** 

it takes me to a website wtf am i suppossed to do 

Was this review helpful? Yes No Mark as spam 


Canter Downs Modified 2 days ago 
The best AV by far 


Extensions 


0 


Gcmgle+ Photos I.5B0.2 
Upload and share photos 
Details 

> Allow «n incognito 



Remove 'Grammafly Spell Checker S, 
Grammar Checker^ 


Report a buss Remove Cancel 


Grammarly Spell Checker & Grammar Checker 3472.144 |v Enabled 

Spell check and grammar check as you type online Boost your credibi lily everywhere you 


write 1 


Details, 


Allow in incognito Allow access to file URLs 


reviews section. However not all 
authors respond to this feature. 
That is why I tend to use the more 
popular and reviewed programs in 
the app store. Occasionally it 
would be worthwhile to pay for an 
extension or app if it offers better 
functionality. 

Next month I will look into 
maintaining online privacy with a 


Chromebook and the varying 
methods to ensure it. 



SJ Webb is a Linux Hobbyist and 
Research Coordinator. He enjoys 
fishing, hot rodding, and spending 
time with his kids and wife. He 
thanks Mike Ferarri for his 
mentorship. 
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HOW-TO 

Written by Ronnie Tucker 


Guidelines 


T he single rule for an article is 
that it must somehow be 
linked to Ubuntu or one of the 
many derivatives of Ubuntu 
(Kubuntu, Xubuntu, Lubuntu, etc). 

Rules 

• There is no word limit for articles, 
but be advised that long articles 
may be split across several issues. 

• For advice, please refer to the 

Official Full Circle Style Guide: 

http://url.fullcirclemaqazine.Org/7 

5d471 

• Write your article in whichever 
software you choose, I would 
recommend LibreOffice, but most 
importantly - PLEASE SPELL AND 
GRAMMAR CHECK IT! 

• In your article, please indicate 
where you would like a particular 
image to be placed by indicating 
the image name in a new 
paragraph or by embedding the 
image in the ODT (Open Office) 


document. 

• Images should be JPG, no wider 
than 800 pixels, and use low 
compression. 

• Do not use tables or any type of 
bold or italic formatting. 


If you are writing a review, 
please follow these guidelines : 


When you are ready to submit 
your article please email it to: 

articles@fullcirclemaqazine.org 

Translations 

If you would like to translate 
Full Circle into your native 
language please send an email to 
ronnie@fullcirclemaqazine.org and 

we will either put you in touch with 
an existing team, or give you 
access to the raw text to translate 
from. With a completed PDF, you 
will be able to upload your file to 
the main Full Circle site. 


Write For Full Circle Magazine 


REVIEWS 

Games/Applications 

When reviewing games/applications please state clearly: 

• title of the game 

• who makes the game 

• is it free, or a paid download? 

• where to get it from (give download/homepage URL) 

• is it Linux native, or did you use Wine? 

• your marks out of five 

• a summary with positive and negative points 

Hardware 

When reviewing hardware please state clearly: 

• make and model of the hardware 

• what category would you put this hardware into? 

• any glitches that you may have had while using the hardware? 

• easy to get the hardware working in Linux? 

• did you have to use Windows drivers? 

• marks out of five 

• a summary with positive and negative points 


You don't need to be an expert to write an 
article - write about the games, applications 
and hardware that you use every day. 
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LINUX LAB 

Written by Charles McColm 


Drupal 7 on Ubuntu Server 14.04 


T his article is an updated 

version of some notes I made 
years ago about installing Drupal 
on Ubuntu Server. 

From the Drupal website: 
"Drupal is a free software package 
that allows you to easily organize, 
manage and publish your content, 
with an endless variety of 
customization." Drupal, 

Wordpress, and Joomla are among 
the most popular web content 
management systems. Drupal is 
very modular compared to other 
content management systems. 
Wordpress tends to include a lot of 
features right off the initial install 
whereas Drupal is more of a 'start 
small and tailor to your needs' 
system. 

I have a habit of forgetting 
tasks I don't do everyday. When it's 
a task that requires quite a few 
steps, I like to document the steps 
because I find that instructions 
provided by projects sometimes 
skip steps or make assumptions I 
don’t know. Installing and 
configuring Apache alone can be 
quite a task, particularly if you're 


setting up multiple domains or 
have special library requirements. 
Add the complexity of learning 
MySQL (many people learn 
phpmyadmin) and things get a bit 
more challenging. 

For the purpose of this article, 
I'm assuming access to the 
command line of a fresh install of 
Ubuntu Server 14.04. 

Step #1 - Update Ubuntu 
Server: 

sudo apt-get update 
sudo apt -get dist -upgrade 


Step #2 - Install Apache, 
MySQL, PHP, and some 
basic PHP libraries: 

sudo apt-get install apache2 
mysql-server php5 php5-mysql 
php5-gd 

Several other dependencies are 
automatically added when you 
install Apache, MySQL and the 
basic PHP libraries. 

During the install process, you'll 
be asked to enter a password for 
the root user to access MySQL 
databases. The password you use 
should be long and complex, 
especially if you plan on exposing 
the site to the Internet (as 


opposed to Intranet). 

When the installation finishes 
you may notice a message similar 

to: "apache2 could not reliably 
determine the server's fully 
qualified domain name, using 

127.0. 1. 1. Set the ‘ServerName' 
directive globally to suppress this 
message.” 

We need to set the fully 
qualified domain name (FQDN). 

Step #3 - Set the Fully 
Qualified Domain Name: 

The FQDN consists of 2 parts, 
the hostname of the computer 
running the server, and the domain 
name. There are a couple of ways 
you can solve the FQDN problem, 
the first is to set the FQDN with 
the 127.0.1.1 I.P. address in 
/etc/hosts (in this case my 
hostname is drupal8). 

127.0. 1.1 drupal 8 

The second, and preferred 
method is to set the ServerName 
directive in /etc/apache2/conf- 

contents ~ 


php5_ invoke opcache: already enabled for apacheZ SflFI 
Nodule npn_event disabled. 

Enabling nodule npn_prefork> 
apacheZ_switch_npn Sultch to preform 

* Restarting ueb server apacheZ 

0HG0558: apacheZ: Could not reliably deternine the server's fully qualified dona 
in nane , using 1Z7, 0.1.1* Set the 'ServerNane' directive globally to suppress tJi 
is nessage 

[ flK ] 

apacheZ_ invoke: Enable nodule php5 

* Restarting ueb server apacheZ 

0H00558: apacheZ: Could not reliably deternine the server's fully qualified dona 
in nane, using 1Z7. 0.1.1* Set the 'ServerNane' directive globally to suppress t!i 
is nessage 

[ flK ] 

Setting up php5 (5. 5. 8+dfsg- lubuntut.il) *** 

Frocessing triggers for libc-bin (Z.l8-0ubuntu6.6) + + + 
char lesPdrupa 18 :"3 
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available/fqdn.conf and enable the 
configuration with the apache 
program a2enconf. First set the 
ServerName directive in 
/e tc/a pa c h e 2/co n f- 
avai la b le/fq d n .co n f: 

ServerName localhost 


Next we need to enable the 
configuration file. It's important to 
note that the conf file must end in 
.conf. We can enable the 
configuration file with a2enconf: 

sudo a2enconf fqdn 

Lastly we need to reload 
Apache: 

sudo service apache2 reload 


Step #4 - Download and 

UNPACK DRUPAL AND MOVE 

it to /var/www/html: 

For the purpose of this article 
I'm assuming you're just running a 
single website on a single server. If 
you plan on running multiple sites 
on the server your setup will be a 
little different. For multi-site 
setups, you'll need to know a bit 
about modifying apache 
configuration files in 


/etc/apache2/sites-available. For 
this single site, we’re just going to 
use the already enabled 000- 
default.conf file which points to 
/var/www/html for the web server. 

The simplest method to 
download Drupal is to use wget. 
Version 7.39 is the current stable 
version at the time of this article. 

wget 

http : //ftp . drupal . org/f iles/p 
ro jects/drupal-7 . 39 .tar .gz 

Next unpack Drupal 7: 

tar -zxvf drupal-7 . 39 .tar .gz 

At this step, you may want to 
change into the drupal-7.39/ 
directory and read the INSTALL 
and README files. If you’re using 
PostgreSQL instead of MySQL, be 
sure to read the INSTALL.pgsql.txt 
file. If you run into problems 
installing with MySQL, you might 
also want to have a look at the 
INSTALL.mysql.txt file. The 
INSTALL.txt file gives an overview 
of an overall installation. If you've 
changed into the drupal-7.39 
directory, make sure you're above 
it for the next step, moving the 
drupal folders to /var/www/html: 


sudo mv drupal-7.39/* 
/var/www/html 

sudo mv drupal-7 . 39/ .htaccess 
/var/www/html 

If your server is also your 
desktop machine (generally not a 
great idea), you can check it out in 
a web browser by typing 
http://localhost/ into the web 
browser. From another Linux 
machine, you can type in the 
hostname of your web server 
http://drupal/. Despite adding the 
drupal files to /var/www/html, we 
still get the apache splash screen 
because there's an index.html file 
in the /var/www/html folder. 
Getting rid of this file will display 
the drupal installation when you 
navigate to the hostname/FQDN. 

Step #5 - Create the 
MySQL database to hold 

THE DRUPAL FILES: 


Before we can set drupal up, it 
needs a database to write to. 
MySQL is one of the most common 
databases in the world and a great 
choice here. You can use a web 
interface to mysql, but I've always 
preferred to just run mysql itself 
and issue commands: 

mysql -u root -p 

The -u switch tells mysql the 
user is the root user. The -p switch 
is used for passing the password, 
but if you don't put one after the 
-p, it will prompt you for the 
password (a better idea if you work 
with other people around). A tip 
worth remembering is that mysql 
commands are terminated with a 
semicolon. At the mysql> prompt, 
create a database with whatever 
name you want, I tend to use 
d sitename: 


create database d_test; 


UelcomE to the FlySljL monitor. Commands end with : or \g . 

Your rtySQL connection id is 37 

Scr uer vers ion: 5 . S . "H OiibuntoG . 14 . 04 . 1 (libuntu ) 

Copyright (c) Z0Q0, £015. Oracle and/or Its affiliates. All rights reserved. 

Oracle is a registered trademark of Oracle Corporation and/or its 
affiliates. Other names nay be tradenarks of their respective 
owners . 

Type 'help; 1 or p \h p for help. Type Ac 1 to clear the current input statement. 


nysg|> 
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IP the command is successful, 
you'll see a "Query OK, 1 row 
affected" message. To see what 
other databases exist, use the 
show databases; command. Next 
we want to grant rights to access 
the database to a user who exists 
on the system. In my Ubuntu 
installation I used the username 
Charles. The proper rights for the 
database can be found in the 
INSTALL.mysql.txt file. 


grant select , insert, update, 
delete, create, drop, index, 
alter, create temporary 
tables on d_test . * TO 
'Charles' localhost' 
IDENTIFIED BY 

'MyExtraOrdinarilyLOngPaddwOr 

d' ; 


Don't forget the .* after your 
database name. I did this several 
times when I was first starting to 
use mysql and couldn't figure out 
why I kept getting an error. 

Next quit mysql by issuing the 
quit; command. If you run Is -al on 
the files in /var/www/html, you'll 
notice they all have your username 
and group attached to them. 
Before installing drupal we want 
to change the group to the www- 
data group: 


sudo chown -R :www-data * 


sudo chown :www-data 
.htaccess 

If you want to specify a 
different username, specify it 
before the colon. For example: 

sudo chown -R Charles :www- 
data * 

Be a bit careful about the files 
you're changing permissions on. 
Make sure you're in the path where 
your drupal files are. Drupal also 
needs to be able to write to the 
configuration file in the 
sites/default directory, so 
temporary write permission needs 
to be given to this directory: 

sudo chmod a+w sites/default 

It's important that this write 
permission be removed 
immediately after the installation 
or your server could get hacked! 

Drupal has a 

default.settings.php file in the 
sites/default directory that needs 
to be copied as settings.php. 

sudo cp 

sites/default/default . setting 
s .php 

sites/default /settings .php 

(Note: the above command is all 


one line with a space between 
default.settings.php and 
sites/default/settings.php) The 
settings.php file also must be 
writeable, and as with the 
sites/default directory, you should 
remove write permission after the 
installation. 

sudo chmod a+w 
sites/default /settings .php 

We're almost ready to install 
drupal, there's one more step we 
need before running the 
installation PHP script, enabling 
mod_rewrite. Mod_rewrite is an 
apache module that enables 
rewriting of urls so they look more 
clean. For example: Instead of your 
browser going to 

yoursite.com/en/ref=as_ss_tl?, the 
web site points to 
yoursite.com/example. To 
accomplish this type: 


sudo a2enmod rewrite 

Because mod_rewrite affects 
apache a restart is needed. 

sudo service apache2 restart 

Step #6 - Start the 

DRUPAL INSTALL FROM A 

browser: 

The next step is to run the 
install.php file from a browser. If 
you've eliminated the index.html 
(not index.php) file, you should be 
redirected to the install.php file 
when you open the URL to your 
web server. I use Linux almost 
exclusively most of the time, but if 
you're using a Windows machine to 
access your Linux web server, you 
may need to tell the Windows 
machine hosts file which I.P. 
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address your Linux server resides 
on. On Windows, this file is 
C:\WINDOWS\system32\drivers\et 
c\hosts. On Ubuntu/Xubuntu, just 
enter your server URL into the 
browser. For example: 
http://drupal/ 


message indicating so. 

Enter the database information 
from the earlier database you 
created into the database 
configuration page and click Save 
and Continue. 


Choose Standard Installation. 
English is the built-in language. 
Other languages can be added and 
there's a link on how to do this on 
the installation page. The 
INSTALL.txt file covers installing 
other languages. For the moment 
click Save and Continue. 

If all the steps above have been 
completed correctly you’ll see the 
Drupal database configuration 
screen. If write permission is not 
set on sites/default, or the 
settings.php file is missing from 
that directory, you'll see an error 


At this point Drupal will write 
the settings to the settings.php 
config file. We can now safely 
remove write permissions on this 
file and the sites/default directory: 

sudo chmod go-w 
sites/default /settings .php 

sudo chmod go-w 
sites /default/ 

The last step in setting up our 
Drupal installation is to enter your 
site information, including the 
name of your site, the site e-mail 
address (the address that will send 
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mail to users from), your admin 
username/password and admin 
email address (called the site 
maintenance account), the server's 
default country and time-zone, and 
whether or not you want to check 
for drupal updates automatically 
and receive email notifications of 
releases (a good idea). Click Save 
and Continue. 

Now you can proceed to log 
into your newly created Drupal 
site. 

This article has covered a basic 
installation of Drupal. Some of the 
concepts, such as creating a mySQL 
database, enabling mod_rewrite, 
installing PHP and PHP libraries 
will be useful installing other 
content management systems and 
wikis. It's a complex process and 
although the INSTALL.txt files are 
available, I always found I needed 


to write down my own steps to 
remember the steps I got stuck on. 

If you get stuck during the 
process of installing Drupal, there 
are several good resources: 

• The INSTALL.txt and README.txt 
files in the drupal-7.39/ directory 

• Drupal's Quick Install for 
Beginners: 

https://www.drupal.org/document 

ation/install/beqinners 

• Apache virtual hosts examples: 

http://httpd.apache.Org/docs/2.2/v 

hosts/examples.html 

• 2bits.com - Besides having 
developed more than 30 modules 
for Drupal and being a server 
tuning company, 2bits has a lot of 
useful articles on Drupal - 
http://2bits.com/contents/articles 
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UBUNTU PHONES 

Written by Ronnie Tucker 


Aquaris E4.5 and E5 
Ubuntu Editions debut in 
India with Snapdeal 



Editions in Europe. 

Phones will come preloaded 
with a number of scopes 
developed specifically for the 
Indian market. 

The Aquaris E4.5 and Aquaris E5 
Ubuntu Edition handsets are set to 
launch in India through Snapdeal, 
India's largest online marketplace. 
This follows on from two 
successful Aquaris Ubuntu Edition 
handsets launched in Europe 
earlier this year; the Aquaris E4.5 in 
February, and the Aquaris E5 in 
June. The devices will be available 
for purchase from Snapdeal by the 
end of August at a price of Rs 
1 1 ,999 for the Aquaris E4.5 and Rs 
1 3,499 for the Aquaris E5. 


T he Aquaris E4.5 and Aquaris E5 
Ubuntu Editions are to be sold 
through Indian online marketplace, 
Snapdeal 

(http://www.snapdeal.com) . 

It marks the inaugural launch of 
Ubuntu phone in India following a 
successful rollout of the Aquaris 
E4.5 and Aquaris E5 Ubuntu 


BQ GOES GLOBAL WITH 

Ubuntu 

he successful European 
launches of the BQ Aquaris 
E4.5 Ubuntu Edition, and its 
slightly larger brother, the BQ 
Aquaris E5 HD Ubuntu Edition, 



have seen the appetite for Ubuntu 
phones grow the world over. 

As a result of this latent 
demand, BQ has created an 
Ubuntu global store where anyone 
can now buy an Aquaris Ubuntu 
Edition handset. We're really 
excited by this move and BQ's clear 
commitment to ensuring more of 
our fans worldwide get their hands 
on these devices. Visit BQ's global 
store at: http://store.bq.com/ql/ 


We know (and BQ has 
acknowledged) that network 
frequency, and mobile operator 
compatibility in some countries, 
such as the US, will limit some of 
the handset and OS functionality 
that European users are presently 
enjoying. However, this worldwide 
launch will provide the opportunity 
for our fans across the globe to 
get a taste of the Ubuntu OS and 
experience it for themselves on a 
great range of BQ devices. 
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MY STORY 

Written by Jim Dyer 


M y goal was to install Ubuntu 
Linux 14.04, but then 
Windows 8.1 and related changes 
ruined my good plan. 

In late July of 201 5, 1 got the 
idea to replace my oldest desktop 
computer, so I purchased a 
refurbished desktop at my favorite 
local computer store. The 
computer came with Windows 8.1 
installed, and my plan was to 
replace that with Ubuntu 14.04 LTS 
as I had previously done several 
times from Windows XP on two 
desktops and my Acer Netbook. 
Those earlier experiences had 
learning curves, but nothing that 
was a serious problem. However, 
this time, trying to install Ubuntu 
to replace the Windows 8.1 could 
be called very frustrating at best 
and a disaster at worst. 

I started the process a few days 
before leaving on a two-week 
vacation trip. At first I could not 
even get Ubuntu to install to the 
HD of the new computer. Some 
agony and more reading, and a few 
things that I failed to record, got 
me to the point where Windows 


8.1 was gone and Ubuntu was 
installed. Along the way, I used 
GParted and deleted or modified 
partitions and, as noted above, did 
a few things that I unfortunately 
did not record. Installed - yes, boot 
into Ubuntu - NO. 

After hitting the "it will not 
boot" wall, I set it aside and left for 
vacation. Sadly, my brain continued 
to rehash the frustration as I 
traveled. I had only my Kindle Fire 
tablet with me so it got some 
workout searching Google for 
information regarding the problem 
I had encountered. I read much 
then and more online after 
returning home. 

Once home, I turned to solving 
the 'will not boot' problem. Again, 
some frustration and agony, but no 
success. At that point, my brain 
asked "why don't you return this 
computer and get one that has 
Windows 7 installed?". That 
thought came from reading about 
Windows 8, Secure Boot and UEFI. 
You can search those things on 
Google as I did. I took my brain's 
advice, got a refurbished computer 


My Ubintu Install Disaster 


with Windows 7, installed Ubuntu 
14.04 LTS from a USB drive with no 
problem, and once more became a 
happy Ubuntu user. 

In hindsight it is not clear to me 
if I created part of my problem, but 
I do not think I did. After my 
reading, talking at the computer 
store and reading/emailing the 
computer manufacturer Support, I 
was still confused. Certainly 
Windows 8 changed the 
install/boot process, but there was 
some info that said the computer 
lacked basic support for Linux 
drivers and could not run Linux as 
an OS. Did not sound right to me, 
but I was wanting to get this 
frustrating problem behind me so I 
pressed on to success with the 
Windows 7 computer as noted 
above. 



Jim is a retired Chemical Engineer 
who has evolved through DOS, 
Windows 95/98/XP, and Mac OS 6 
....X to his current Ubuntu user 
status. 
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If you would like to submit a letter for publication, compliment 
or complaint, please email it to: letters@fullcirclemagazine.org 
PLEASE NOTE: some letters may be edited for space. 



Skype 

I n issue 98 you have the question 
"I have heard that Skype is 
available for Ubuntu. How should I 
install it?" 

Please note that while Skype is 
technically available for Linux, 
Skype (or rather Microsoft - since 
they own it now) has stopped 
supporting Linux, and a lot of 
additional features (like 
screenshare) don't work (in case of 
a multi-participant call) or have 
very poor quality (in a one-on-one 
call) when using Linux (compared 
to Windows/ Mac). 

People should look for an 
alternative (Google Hangouts 
works nicely). I didn't try Jitsy yet. 

Attila 


Multiple Passwords 
Script 

I know FCM #91 is not new but I 
just have read it. I have a few 
remarks about the article 'HowTo - 
Multiple Passwords With A Script'. 

First of all, I would like to know 
the principles of publishing 
articles. I ask it because of my 
ambivalent feelings about the 
named article. Although it could 
have been a good howto for 
newbies, it can be more dangerous 
than useful. Let me explain: It 
makes no sense to write a script to 
encrypt a text file which contains 
passwords. There are a lot of other 
ways to secure our passwords. Eg: 
password manager. 

If we do this anyway, we should 
not store the encrypted file on our 
Desktop and the logs of the script 
in our home directory, I think. 

The author of this article 
mentioned that he uses this 
homemade encryption script in 
business, too. The average reader 
and user might conclude that this 
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encryption method is safe because 
it was described by an expert. In 
my opinion using this script can 
give a false sense of security to the 
readers and users. 

In addition, this script is 
unchecked, it's from an author who 
is possibly not known by any 
reader. Full Circle Magazine is a 
great place to inform people about 
IT-security. To download and use a 
script by an unknown person 
(which is maybe downloaded from 
untrusted websites) is not safe. I'm 
afraid that publishing this howto 
was not a good idea at all. Maybe 
I'm wrong but I think that Full 
Circle Magazine has a task to teach 
the readers about careful 
computer usage. Publishing an 
article with a script to do 
something that can be done by 
other, more secure, ways is not 
logical. There are a lot of useful 
scripts published by Full Circle 
Magazine, but this is not one of 
them. 

So, because of my described 
feelings I wish to know on what 
basis you decide to accept and 
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D facebook.com/fullcircle 
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twitter.eom/#l/fullcirclemaq 

linkedin.com/companv/full- 

circle-maqazine 

ubuntuforums.org/forum 

displav.php?f=270 


Full Circle Needs You ! 

A Without reader input 
Full Circle would be an 
empty PDF file (which I don't 
think many people would find 
particularly interesting). We 
are always looking for articles, 
reviews, anything ! Even small 
things like letters and desktop 
screens help fill the magazine. 

See the article Writing for Full 
Circle in this issue to read our 
basic guidelines. 

Have a look at the last page of 
any issue to get the details of 
where to send your 
contributions. 
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publish an article. 

Sorry for the long letter, I just 
wanted to write about my feelings 
about publishing this howto. 

Vivien 

Ronnie says: By publishing the 
articles we have to assume that the 
writer has checked his or her articles 
for errors (either grammatical or 
technical). We're a bunch of 
volunteers and aren 't experts in 
everything. And, it goes without 
saying, that if someone runs a script 
(or tries anything) that we print, 
then it's at their own peril. 


Download All The 
Things! 

I remember seeing an article 
about a script to allow 
downloading of all past issues. Can 
you tell me how to get that? 

Boudi 

Ronnie says: Open a terminal 
and enter these commands one at a 
time: 


cd ~ /Downloads 
wget 

www. liedler . at/dl/dl_f cm_gui . 

py 

chmod +x dl_fcm_gui .py 
. /dl_f cm_gui . py 

Up should pop a GUI that will let 
you choose which issues to 
download. 
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wm&SSm& 




SO, SIR, OUR SPACE BOX WAS 

traveling at the speep of 

ZOOOO CRASHES PER MINUTE 


I SEE. STANPARP SPEER 





NOT REALLY SIR. THE ALIEN SAlP 
PlPN'T NEEP ANVTHlNG FROM US 
"EARTHLINGS'? HE SAlP THEV WER 
ALREAPV EVOLVEP INTO A REE 
PERFECT SOCIETY HE TOLP JAKE 
WAS 



EARTH'S SCIENTISTS ARE STILL IRVINS- TO FIGURE OUT HOW THE ASTRONAUT MANAGES TO SWEAT OUT OF HIS SPACE SUIT 





Q l messed up my ~/.bashrc file, 
how do I get a new standard 
one? 


runs with root privileges, so you 
don't need sudo, just: 

chmod 777 /dev/ttySO 


A (Thanks to steeldriver in the 
Ubuntu Forums) You can copy 
it from the /etc/skel/ directory. 

Q Can I use one of the recent 
Nvidia cards with Ubuntu? 

A Yes, see this thread: 

http://ubuntuforums.org/sho 
wthread.php?t=226331 6 
(Thanks to jempa333 in the Ubuntu 
Forums). 

Q l use the USB serial port to 
connect to routers, but every 
time it reboots I have to change 
permission for/dev/ttyUSBO and 
/dev/ttySO. How can I change this 
permanently so it has chmod 777 
on reboot? 

A (Thanks to SeijiSenseim the 
Ubuntu Forums) Add the 
command to the file/etc/rc.local, a 
script that runs after everything 
else that starts at boot, rc.local 


chmod 777 /dev/tty /USBO 

Q Netflix used to work perfectly 
in Chrome, but I haven't been 
able to get it to play movies for 
about the past month. When I go 
to the Netflix website, it loads 
normally - 1 can browse through 
programs etc - but if I attempt to 
play any video, I just see a still 
from the video (without the 
spinning red circle that shows it's 
loading) and, after a minute, a 
black screen appears that says 
"Whoops--something went wrong" 
with error code M7083-1 01 3. 

(Thanks to 

monkeybrain201 22 in the 
Ubuntu Forums) Probably your 
profile is corrupted. Close Chrome. 
Open the file manager at your 
home. Choose ‘show hidden files' 
from the menu or press Ctrl + h. 
Then locate the hidden directory 
.config (note the '.’), open it and 
rename the subfolder google- 



If you have a Linux question, email it to: misc@fullcirclemaqazine.org, and 
Gord will answer them in a future issue. Please include as much 
information as you can about your query. 


chrome to something like google- 
chrome-bak. Now start Chrome 
and see if it works. 

Top questions at 
Askubuntu 

* Can someone explain tilde 
usage? 

http://qoo.ql/PUudGJ 


* Shell script If syntax error 

http://goo.gl/ynHh61 

* What version is this Live CD / Live 
USB? 

http://qoo.ql/xzOqJQ 

* How to make it so that a file can 
only be executed by root, but not 
as root? 

http://qoo.ql/rtm60i 


* Is there any Ubuntu 14.04 theme 
to make it look like Windows 10? 

http://qoo.ql/t82dtq 


Tips and Techniques 



* Alert when terminal program 
finishes running? [on hold] 

http://qoo.ql/OMN25E 

* Which command should I use to 
open an mp3 file? 

http://qoo.ql/1 L8p1 d 

* Why do I need the x permission 
to cd into a directory? 

http://qoo.ql/ihnMWI 

* How to get a full size of directory 
without listing the files/dir within? 

http://qoo.ql/KuRczJ 


Private folder sharing 

W hen I try a new distro or 

version of Linux, I always set 
up a folder which is shared over 
the network, and access existing 
shared folders on other 
computers. I always make it wide- 
open, with no security, and it 
always works without any 
command-line effort, or editing 
configuration files. The network 
has computers running several 
Ubuntu variants and some 
Windows. Then the real world 
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came calling. 

I needed to set up a production- 
environment server with about 20 
private shared folders, to be used 
for personal backups. So Sally, 
Rebecca and John would each have 
a folder where they could back up 
their systems, and they could not 
see each other's backups. 


The chosen operating system is 
Xubuntu 1 5.04, and I got it to the 
point where it kind of works. From 
other Xubuntu or Linux Mint 
systems, everything just worked. 
From Windows, not so much. The 
server didn't even appear in 
Windows' Network file manager, 
although it was always accessible 
by IP address. Then, with nothing 


changing, the server appeared, and 
I could set up the shared folder as 
a drive in Windows. Flowever, when 
I tried to run a lengthy backup, the 
drive would disappear again, and 
the backup would fail. 

I'm still working on it, and I 
hope to give a more positive report 
next month. 


Gord had a long career in the 
computer industry, then retired for 
several years. More recently, he 
somehow found himself "The IT Guy" 
at a 1 5-person accounting firm in 
downtown Toronto. 


Quick Tip 

by Andy Lino 

I f you have a machine and you see the graphs peak but you don't 
know who is using the bandwidth, try this at the console: 

sudo iftop i ethO 

iftop has been built in to Ubuntu for several versions now. 

iftop: display bandwidth usage on an interface by host 

Synopsis: iftop h | [npblNBP] [i interface] [f filter 
code] 

-h display this message 

-n don ' t do hostname lookups 

-N don't convert port numbers to services 

-p run in promiscuous mode (show traffic between other 

-b don't display a bar graph of traffic 

-B Display bandwidth in bytes 

-i interface listen on named interface 

-f filter code use filter code to select packets to count 
-F net/mask show traffic flows in/out of IPv4 network 
-G net6/mask6 show traffic flows in/out of IPv6 network 
-1 display and count linklocal IPv6 traffic (default: off) 
-P show ports as well as hosts 

-m limit sets the upper limit for the bandwidth scale 


-c config file specifies an alternative configuration file 
iftop, version 1 . 0pre2 

copyright (c) 2002 Paul Warren <pdw@ exparrot . com> and 
contributors 

As you can see, this tool can give you the output to IPv4 and IPv6 
traffic, and also it should help you find out where your bandwidth is 
being used whether upstream, or downstream. 
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The Schneier Model 




Security 

Written by Kevin O'Brien 


B ack in 2001 , there was an 

incident on September 1 1 that 
lead many people to go "OMG! We 
are doomed! We must increase 
security! Do whatever it takes!" 

And the NSA was happy to oblige. 
On 7/7/05 an attack in London 
added to the frenzy. I think it is fair 
to say that these security agencies 
felt they were given a mandate to 
"do anything as long as it stops the 
attacks," and thus was the 
overwhelming attack on privacy 
moved up a whole level. To be 
clear, security agencies are always 
pushing the limits, it is in their 
DNA. And politicians have learned 
that you never lose votes by 
insisting on stronger security and 
appearing "tough." 

But the reality is that security is 
never 100%, and the higher the 
level of security, the greater the 
costs in terms of our privacy and 
liberty. And it is also the case that 
total insistence on liberty and 
privacy would cause your security 
to go down as well, so you really 
should not adopt any simple- 
minded approach to this problem. 
In general, as you add layers of 


security, each added layer gives 
you less benefit. Some simple 
security steps can give you a lot, 
but as you add more and more, the 
added benefit drops, and we call 
this the Law of Diminishing 
Returns. By the same token, each 
added measure extracts an ever- 
increasing cost in terms of the loss 
of liberty and privacy. 
Conceptually, you could draw a 
couple of curves, one rising (the 
costs) and the other falling (the 
benefits), and look for where the 
curves cross to determine the 
optimum level of security that 
balances the costs and benefits, 
but in practice it is not that simple. 
Measuring these costs and 
benefits is tricky, and there is no 
simple equation for either curve. 
Nonetheless, the balance does 
need to be struck. 


questions to see what the cost vs. 
benefit calculation looks like for 
you. I am going to draw on his 
model to talk about security as we 
are discussing it in this series. 

There is an old joke about what 
constitutes a secure computer. The 
answer is that it has to be locked in 
a vault, with no network 
connection, and no power 
connection, and even then you 
need to worry about who can 
access the vault. It is a joke, of 
course, because no one would ever 
do this. We use computers and the 
Internet because of the benefits 
they give us, and having a 
computer in a vault is just a waste 
of money. We accept a certain 
degree of risk because that is the 
only way to get the benefits we 
want. 


In the wake of the 9/1 1 attacks, 
Bruce Schneier published a book 
called Beyond Fear: Thinking 
Sensibly About Security in an 
Uncertain World (2003). In this 
book he shows that hysteria is not 
a good approach to security, and 
that you need to ask yourself some 
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Five-Step Process 

For any security measure you 
are contemplating, you need to 
have a clear-eyed, rational look at 
the costs and benefits, and 
Schneier offers a Five-Step Process 
to accomplish this, This is a series 
of questions that you need to ask 
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in order to figure out if this 
particular measure makes any 
sense: 

• What assets are you trying to 
protect? This is what defines the 
initial problem. Any proposed 
countermeasure needs to 
specifically protect these assets. 
You need to understand why these 
assets are valuable, how they 
work, and what are attackers going 
after and why. 

• What are the risks against these 
assets? To do this you need to 
analyze who threatens the assets, 
what their goals are, and how they 
might try to attack your assets to 
achieve those goals. You need to 
be on the lookout for how changes 
in technology might affect this 
analysis. 

• How well does the security 
solution mitigate the risks? To 
answer this, you need to 
understand both how the 
countermeasure will protect the 
asset when it works properly, but 
also take into account what 
happens when it fails. No security 
measure is 100% foolproof, and 
every one will fail at some point in 
some circumstances. A fragile 
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system fails badly, a resilient 
system handles failure well. A 
security measure that is slightly 
less effective under ideal 
conditions, but which handles 
failure much better, can be the 
optimum choice. And a measure 
that guards against one risk may 
increase vulnerability somewhere 
else. And you really need to watch 
out for False Positive vs. False 
Negative trade-offs. It is a truism 
that any set of measures designed 
to reduce the number of false 
negatives will increase the number 
of false positives, and vice-versa. 

• What other risks does the 
security solution cause? Security 
countermeasures always interact 
with each other, and the rule is 
that all security countermeasures 
cause additional security risks. 

• What trade-offs does the security 
solution require? Every security 
countermeasure affects everything 
else in the system. It affects the 
functionality of the assets being 
protected, it affects all related or 
connected systems. And they all 
have a cost, frequently (but not 
always) financial, but also in terms 
of usability, convenience, and 
freedom. 

And going through this process 
once is not the end. You need to 


re-evaluate your choices as 
systems evolve, as technology 
changes, etc. 

Example: Passwords 

I have a cartoon on the wall of 
my cubicle that shows an alert box 
that says "Password must contain 
an uppercase letter, a punctuation 
mark, a 3-digit prime number, and a 
Sanskrit hieroglyph". We've all 
encountered this, and it does get 
frustrating. This is a humorous take 
on something that is an accepted 
best practice. I recall a story about 
a fellow who worked at a company 
that insisted he regularly change 
his password, and would also 
remember the 8 previous 
passwords and not let him use any 
of them again. But he liked the one 
he had, so he spent a few minutes 
changing his password 9 times in a 
row, the last time being back to his 
favored password. Was he a threat 
to security, or was the corporate 
policy misguided? Let's try Bruce's 
model and see where we get. 

• What assets is the company trying 
to protect? I think this has several 
possible answers. The company 
may want to prevent unauthorized 
access to corporate data on its 
network. Or the company wants to 
prevent unauthorized use of its 

full circle magazine #101 


resources, possibly with legal 
implications. And the company may 
be concerned to prevent damage 
to its network. All of these are 
good reasons to try and control 
who has access to this asset, and to 
protect it. But knowing which of 
these is being targeted may matter 
when we get to trade-offs and 
effectiveness of the proposed 
countermeasures. For now, let's 
assume the primary interest is in 
preventing unauthorized access to 
the data, such as credit card 
numbers on an e-commerce site. 

• What are the risks against these 
assets? Well if we are talking about 
credit card numbers, the risk is that 
criminals could get their hands on 
these numbers. From the 
company's standpoint, though, the 
risk is what can happen to them if 
this occurs. Will this cause them to 
assume financial penalties? Will 
the CEO be hauled in front of 
legislative committees? Will their 
insurance premiums rise as a 
result? This is the sort of thing 
companies really care about. And 
when you understand this, you 
begin to see why companies all 
adopt the same policies. When 
people talk about "Best Practices", 
you should not assume that 
anyone has actually determined in 
a rational manner what the best 


practices should be. It only means 
that they are "protected" in some 
sense when the things go wrong. 
After all, they followed the 
industry "best practices". The 
biggest failure of security is when 
companies or organizations just 
apply a standard set of rules 
instead of creating a process of 
security. I see this criticized 
constantly in my daily newsletter 
from the SANS Institute. 

• How well does the security 
solution mitigate the risks? This 
becomes a question of whether 
forcing people to change their 
passwords frequently is a 
significantly effective measure in 
preventing unauthorized access to 
computer networks. And here is 
where things really start to break 
down. It is very difficult to come up 
with many examples of cases 
where a password in use for a long 
time leads to unauthorized access. 
That is simply not how these things 
work. We know that the majority 
of these cases derive from one of 
two problems: social engineering 
to get people to give up their 
password, and malware that 
people manage to get on their 
computer one way or another. I 
suppose you could make an 
argument that forcing people to 
frequently change passwords 
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might in rare cases actually do 
some good, but there is no way to 
say that this is in general an 
effective countermeasure against 
unauthorized access. 

• What other risks does the 
security solution cause? There are 
several possible risks that come 
out of this. First, since all security 
measures require a variety of 
resources (and people's time and 
attention is one of those 
resources), emphasizing one 
security measure may take 
resources away from more 
effective measures that don’t get 
sufficient attention. But there are 
also risks from how people act in 
response to this policy. In the ideal 
world of the security department, 
each person with access would 
choose a long, complicated 
password each time, chosen for 
maximum entropy, and then 
memorized but never written 
down. Sadly, for the security 
department, they have to deal 
with actual human beings, who do 
not do any of these things. Most 
people at the very least consider 
this an annoyance. Some may 
actively subvert the system, like 
the fellow in our story who 
changed his password 9 times in a 
row to get back to the one he 
liked. But even without this type of 


subversion, we know what people 
will do. If you let them, they will 
choose something that is easy to 
remember as their first attempt, 
and that means they will most 
likely choose a password that can 
easily be cracked in a dictionary 
attack. If you instead insist that 
each password contain letters, 
numbers, upper and lower case, a 
Sanskrit hieroglyph, and two 
squirrel noises, they will write it 
down, probably on a yellow sticky 
note attached to their monitor. If 
the person in question is a top 
level executive, it gets even worse, 
because they won't put up with the 
BS ordinary worker bees have to 
tolerate. 

• What trade-offs does the security 
solution require? This policy causes 
a major impact on usability and 
convenience, and all of this for a 
policy that we saw above actually 
accomplishes very little. In the 
majority of organizations, the IT 
department is viewed with a 
certain amount of hostility, and 
this is part of it. In addition, anyone 
in an IT Help Desk can tell you that 
they get a lot of calls from people 
who cannot login because they 
forgot their password, which is a 
natural consequence of forcing 
people to keep changing it. 


Bottom Line 

So what does all of this mean in 
the final analysis? I think it means 
that you need to carefully consider 
which measures are actually worth 
taking. And this is, at least in part, 
a cost vs. benefit analysis. For 
instance, as I write this, the 
Heartbleed vulnerability is in the 
news a good deal, and I got to hear 
Bruce Schneier discuss how people 
should react. And he did not say 
"OMG! Change all of your 
passwords right now!" He said you 
should assess the case. If it is your 
password to login to your bank, 
that is probably something you 
want to change. But if it was some 
social network you access once 
every two weeks, you needn't 
bother. And that seems 
reasonable. 

And as another example, 
although I have discussed how to 
encrypt e-mails and digitally sign 
them, that does not mean I open 
up GPG every time I send an e-mail. 
It is something of a pain in the 
posterior to do, and I use it 
judiciously. I don’t see the point in 
digitally signing every email when 
a lot of it is just stupid stuff 
anyway. 


Three Final Rules 

We will finish this discussion 
with Bruce's final three rules from 
Beyond Fear: 

• Risk Demystification: You need to 
take the time to understand what 
the actual risk is, and understand 
just how effective any proposed 
security countermeasure would be. 
There will always be a trade-off. If 
the risk is low, and countermeasure 
not particularly effective, why are 
you doing this? Saying "we must do 
everything in our power to 
prevent..." a risk that is unlikely, 
and where the countermeasures 
are not likely to work, is how you 
get to what Snowden revealed. 

• Secrecy Demystification: Secrecy 
is the enemy of security. Security 
can only happen when problems 
are discussed, not when 
discussions are forbidden. Secrecy 
will always break down at some 
point. This is the failure mode of 
Security by Obscurity. Most often, 
secrecy is used to cover up 
incompetence or malfeasance. 

• Agenda Demystification: People 
have agendas, and will often use 
security as an excuse for 
something that is not primarily a 
security measure. And emotions 
can lead people to make irrational 
trade-offs. 
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LINUX LOOPBACK 

Written by S. J. Webb 



T he 1980's saw an onslaught of 
malicious viruses as a response 
to increased home computers. As a 
teen, Richard Skrenta wrote the 
Elk Cloner that targeted Apple 
computers in 1 981 . It was the first 
wide-scale virus transmitted by 
disk that worked from the boot 
sector. Infected Apple computers 
would then transmit this virus on 
to a clean disk. Elk Cloner wipes 
the screen and would display a 
simple poem. 


In 1 983 Frederick Cohen (left) 


ELK CLONER: 


THE 

PROGRAM WITH 

A PERSONALITY 

IT WILL 
IT WILL 
YES IT 1 

GET ON ALL 
INFILTRATE 

S CLONER 

YOUR DISKS 

YOUR CHIPS 

IT WILL 
IT WILL 
SEND IN 

STICK TO YOU LIKE GLUE 
MODIFY RAM TOO 

THE CLONER! 





began using the term virus to 
describe programs like Rabbit and 
Creeper. These programs worked 
very much like a real life virus. In 
1 986, the first IBM PC virus was 
Brain Boot that originated out of 
Pakistan. In 1987 six more viruses 
populated: Cascade, Jerusalem, 
SCA, Vienna, Lehigh, and Christmas 
Tree. These viruses were boot 
sector viruses aimed at crippling 
the executable files on the hard 
drive. 

In the 1 990's the viruses 
became more complicated, moving 
from the boot sector. The first 
polymorphic virus named 1260 is 
created by Mark Washburn. This 
virus used encryption code and the 
Vienna as a source. 

The media painted the 
Michelangelo virus as being the 
digital end of times in 1992. This 
virus was supposed to wipe out 
over a million hard drives. In 
reality, the damage from 
Michelangelo was over-estimated. 
By the end of 1990's, over 14 
various viruses arose in the digital 
world. The commercial 
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development of antiviral programs 
started. The increased popularity 
of the internet helped spread viral 
infection rates. Over 30 plus 
viruses were generated from 2000 
to 2005. Luckily these viruses 
targeted the Windows OS. 

However let's review some of the 
Linux viruses. 

The first Linux virus arose in 
1 996, and was Stoag. It exploited 
holes in the kernel and infected 
executable binary files. Bliss rose a 
year later, it was written to prove 
that Linux is not virus-proof, and it 
also affected executable binary 
files. At the end of 1 999, Vit 
developed as a cross platform OS 
infector. It also affected 
executable binary files. 

At the start of the new century, 
a number of harmless non-memory 
resident parasitic viruses 
developed: Winter.341, Zip Worm, 
Satyr, Rike, and Ramen. By the mid 
2000's, three aggressive Linux 
viruses were produced: Badbunny, 
Kaiten, and Koobface. Badbunny 
would infect via an openoffice 
document file format, and display 
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a lewd picture. Kaiten allowed for 
backdoor access to a Linux 
platform. Koobface is spread by 
social networks aimed at gathering 
login information. 

Many experts agree that Linux 
is not impervious to viruses. 
However the requirement for root 
access on many distros diminishes 
the ability of viral infection on the 
hard drive. The biggest threat to 
Linux users is social engineering. 
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Written by Joseph Michaels 


Retro Game Console Emulators 


A n Ubuntu user 
since 2007, 1 
consider myself a 
long-time user. In 
computer years, 
using just one 
operating system at 
home for eight 
years is a long time. 
Before that I was an 
avid Macintosh 
proponent for many 
years. The moment I 
installed my first 
Linux distro, called 
Ubuntu, I was simply 
amazed at how fast 
it made an old 
computer run. I was 
hooked. Never again 
would I dish out an 
outrageous amount 
of money for a 
name-brand 
computer that ran a 
solid operating 
system - which was 
Apple's OS X. Now I 
was empowered to 
find a used 
computer, at a 
fraction of the cost, 


install Ubuntu on it, and I was gold. 
Several times I even got free 
computers from a business that 
was replacing its 4 year-old 
Windows computers with new 
ones. The systems that were 
doomed for the dump found new 
life when I installed Ubuntu on 
them. 

A few years ago, I tried to run 
game console emulators on 
Ubuntu. At the time, the only 
emulators that were available, or 
would work, were the Windows 
emulators. So I used Wine to run 
those emulators. I was not a big 
fan of Wine, as it was hit or miss on 
which programs would work. 
Eventually, I removed Wine from 
my system. Years went by before 
I'd try emulation again. In fact, I 
didn't rediscover it again until 
about nine months ago. This time, I 
was quite delighted to find that 
several emulators, made just for 
Linux, worked very well on Ubuntu. 

Before I go any further, I'd like 
to do a bit of housekeeping. It's 
perfectly legal to download and 
own the emulators. However, it's 


the game roms that may still be 
protected by copyright laws. It is 
up to you to ensure that you are 
using the game roms legally in 
your country. There are oodles of 
articles on the internet concerning 
this, so I'll leave the Googling and 
reading up to you. The game roms 
can be found on the internet - I'll 
leave it at that. 

Shown far left is a screenshot of 
the bottom left of my launcher. 
From top to bottom we have the 
emulators PCSX, Snes9x, bsnes, 
Kega Fusion, FCEUX, and GFCE. 

PCSX is the PlayStation one 
(PS1) 32-bit emulator. It can be 
installed from the Ubuntu 
Software Center. From my 
experience, about half the game 
roms will work with this emulator. I 
mainly use this emulator to play 
sports games. There were so many 
sports games made for the PS1, 
that you'll easily find that more 
than enough games work for the 
sport you're interested in. Of 
course there are various other 
types of games available for the 
PS1 - from first person shooter 


games to platform games to 
whatever you desire. On my 
1600x900 monitor, I set the PCSX 
to run in a 1 360 x 768 window. You 
can play it at full-screen, but I like 
to keep access to my system, thus I 
play it in a window. 

I don't have a dedicated video 
card on my system, and that's not 
because I haven't tried them. In 
fact, I installed an Nvidia GT 610 
with one gig of ram. After viewing 
the System Monitor for a while, I 
could tell that my Core 2 Duo 
processors were being taxed more 
than before the card was installed. 
In fact, I was experiencing a 
slowdown in frames-per-second in 
some of my emulators because of 
it - so I sent that card back. I 
decided to try an older card for my 
system, and I got an Nvidia NVS 
300 card that had 500 megabytes 
of memory. It did better, but still 
some of my emulators were 
slowing down. So I returned the 
second card and decided to stick 
with the integrated video that my 
motherboard had built in. Both 
cards would have worked great for 
me if my goal was to play native 
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Linux games. In fact, I downloaded 
0 A.D., and that game worked very 
smoothly with either of the cards; 
it plays choppy without a card. But 
my gaming is all emulating, so I 
made the decision to go without a 
dedicated video card. The PCSX 
emulator has the option to use the 
OpenGL 1.1.78 driver, and even my 
integrated video can do that, so I 
do use OpenGL with that emulator 


and it works fine. There's also the 
option to use the Xvideo driver, but 
my system won't play the roms 
right using that choice. The PCSX 
emulator will play more game roms 
if you get the PS1 bios file for it. It 
can be found on the internet, and 
that's all I'll say about that. 

The next emulator on my 
launcher is the Snes9x emulator. 


This has become my favorite 
emulator, even though it emulates 
a 1 6-bit system - the Super 
Nintendo console. I used to like 
PCSX best, but I've really enjoyed 
the Super Nintendo games the 
most in the past few months. Most 
emulators allow you to save state 
and load state - usually in a menu 
option, or by assigning them to 
keyboard keys. In addition to 
allowing this, Snes9x lets you 
assign those states to the 
gamepad controller you're using. 
So you can quickly save state while 
you're playing; if you die no 
problem, just click the load state 
button on your gamepad and give 
it another go. Being able to do this 
on the gamepad adds a most 
enjoyable element to playing 
platform games where you are 
trying to advance to the next level 
or beat a game boss. Some folks 
say it's cheating, or consider it an 
abuse of the save state and load 
state buttons when you beat a 
game this way, because that 
option wasn't available on the 
original consoles. I'm not such a 
purist, especially since this 
heightens my enjoyment of the 
games. 

Snes9x has the option of letting 
you choose the OpenGL driver, the 


5nes9x 
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Xvideo driver, or allowing the 
software scaler. I simply let the 
software run the game. The 
OpenGL is apt to slow down as my 
OpenGL is too ancient, and the 
Xvideo driver doesn't give vivid 
graphics. For screen resolution, I 
set the preferences to change full- 
screen resolution to 1600x900 and 
set it to use full-screen when 
opening a game rom. Also, I set the 
screen preference to maintain the 
Snes 4:3 aspect ratio. With these 
settings, as soon as a game rom is 
loaded, I tap the escape key once, 
and the games snap down in size 
so that the launcher and top of the 
Unity desktop is accessible - again, 
giving me access to the computer 
while playing. One last thing about 
Snes9x is that version 1 .53 works 
only on Ubuntu 1 2.04 LTS. I 
attempted to install multiple 
versions on two 14.04 LTS systems 
and it would not work on either 
one. That's one of the reasons I've 
stayed with 1 2.04 LTS. This needs 
to be fixed. Another emulator that 
many users have had problems 
with in 12.04 and 14.04 is Zsnes - 
it's been widely reported on the 
forum that it freezes up at 35 
minutes and I can certainly verify 
that. 

Snes9x is not in the Ubuntu 

it 
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Software Center. If you have 
Ubuntu 1 2.04 LTS, you can install it 
with the terminal: 

sudo add-apt-repository 
ppa : bearoso/ppa 

sudo apt-get update 

sudo apt-get install snes9x- 
gtk 

Next on my launcher is the 
bsnes emulator, which is obviously 
another Super Nintendo emulator. 
This emulator is in the software 
center and is described as an 
emulator that focuses on accuracy, 
debugging functionality, and clean 
code. If you choose to install this 
one, make sure you also install 
snespurify (if it doesn't 
automatically install with bsnes). 
This emulator requires higher 
system requirements, although 
they don't tell you the minimum. I 
can, however, attest to the fact 
that it does indeed cause both of 
my processors to use 60 to 80% of 
their processing power. Compare 
that to the 20 to 40% that Snes9x 
makes my two processors work. 
Bsnes doesn't give you the option 
of OpenGL or Xvideo, but it 
probably uses OpenGL as its 
successor uses a higher version of 
OpenGL. I don't use bsnes very 


often for three reasons. First, you 
have to use the mouse to go to a 
menu to save state and load state. 
Second, you have to open 
snespurify and use that to "purify" 
each game rom that you want to 
play - resulting in a new game rom 
file being created that bsnes can 
open. Third, Snes9x seems just as 
accurate to me. I keep bsnes as a 
backup, in case Snes9x would not 


open a particular rom or if Snes9x 
stopped working for some reason. 
Bsnes also can run NES, Game Boy, 
and Game Boy color roms. I have 2 
other emulators for NES; besides, 
the Game Boy type roms are such 
low resolution that they don't 
interest me. The successor of 
bsnes has had its name changed to 
is Higan. In the software center, 
Higan is available for 14.04 LTS and 


bsnes is available in the 1 2.04 LTS 
software center. Snespurify is not 
needed for Higan - it's built in. 

The next emulator, with the 
blue and orange letter K, is Kega 
Fusion. This is the emulator for the 
Sega Master System, Game Gear, 
Genesis, and SegaCD. I use it to 
emulate Sega Genesis game roms. 
There are many heated debates on 
which console is superior - the 
Sega Genesis or the Super 
Nintendo. I've read quite a few 
online articles where folks take 
sides, and some objective articles 
where the specifications of each 
system are compared. Many of the 
SNES specs were superior because 
that system came out later; 
however, the Sega still had a faster 
processor and boasted "blast 
processing." Many consider both 
systems to be the best console 
systems ever produced when you 
do a handicapped comparison of 
all the video game console eras. 
Games that were released on each 
console are often compared. And 
both had their signature games - 
Sonic the Hedgehog vs. Super 
Mario Brothers. Kega Fusion allows 
for a Genesis bios file, which you 
can find on the internet, but I've 
read that the Genesis did not have 
a bios file during most of its 
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production. The emulator seems to 
work equally well with or without a 
bios file selected. Neither Snes9x 
nor bsnes require the user to 
select a bios file either. I only 
recently added Kega Fusion to my 
arsenal, but it has loaded the few 
games I've thrown at it nicely and 
plays well. In the past I attempted 
to get the Sega Saturn emulator 
called Yabause (in the software 
center) to work - without success. 
So I had been looking for some 
type of Sega emulator for some 
time - Kega Fusion was suggested 
by a user on the Linux Mint forums. 
Although Kega Fusion doesn't 
allow one to program the gamepad 
for save/load states, it does allow a 
quick tap of one of two functions 
keys to do this - which is much 
better than mousing around in 
menus. I'm really looking forward 
to playing more Genesis game 
roms. 

The next emulator is FCEUX, 
which is the 8-bit Nintendo 
Entertainment System emulator. 
One could use bsnes or Higan to 
emulate NES games, but FCEUX 
uses less than half the system 
resources. FCEUX does have one 
limitation - it doesn't allow for full- 
screen play. One can increase the 
window size to 3x scale, which 


basically makes a window about 
one half to one third the size of 
your screen. This is fine and I've 
found it to be quite playable. 
FCEUX does apply a video filter to 
the games, which smooths out the 
pixels. The emulator doesn't show 
in any menus which video filter it 
uses, and has no option to turn it 
off - which many emulators do 
offer. 

GFCE is the last emulator, and 
it's also an NES emulator. GFCE 
allows for full-screen play. In the 
past, GFCE worked well in 14.04 
LTS; however, my recent attempts 
to use it on 1 4.04 LTS were 
unsuccessful and thus I removed it 
from that system. So GFCE seems 
to work well only on 1 2.04 LTS 
systems at this time. I basically 
keep it around because it allows 
full-screen play. 

Those are the emulators that 
I've been using with Ubuntu. Now I 
want to wrap this up with a few 
words about gamepad controllers. 
Since the days I used Macs, I've 
been using the Gravis gamepad 
pros - a company absorbed by 
Kensington years ago. When I 
started getting into emulation 
again, I picked up two of them 
from eBay. They work well and are 
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inexpensive, but I began craving a 
controller with more... urn... 
control. After some reading and 
posting on the Ubuntu forums, two 
controllers came to the forefront - 
and I was looking for the more 
inexpensive wired usb controllers. 
The Microsoft Xbox controller and 
the Logitech f310 gamepad were 
the frontrunners. I couldn't stand 
the thought of purchasing 
something from Microsoft, so 
Logitech it was. I found a 
refurbished f3 1 0 on Amazon for 
around $10 plus shipping, so I 
pulled the trigger on it. I was most 
impressed with this gamepad, and, 
even though refurbished, it looks 
new. It was much more accurate 
than the gravis gamepads and it 
has a high quality feel. I ordered 
another one and it was equally 
nice. Both gamepads work with the 
emulators without any needed 
software or drivers. I have used a 
friend's wireless Xbox controller 
with the emulators. It works very 
well; however, I could not get the 
joystick on it to work. The Logitech 
F310 has a mode button to quickly 
switch between joystick and d-pad. 
One advantage of the Xbox 
controller, that I’ve read, is that it 
has levels of sensitivity in the 
joystick for non-emulator/native 
games like first person shooter 
I 56 


games. This feature isn't needed in 
emulators though, because these 
classic game consoles didn't have 
such an advanced feature in their 
controllers. 
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Written by Oscar Rivera 


The Talos Principle 


W ho are you? Who will you 
become? Where do you 
come from? Where are you going? 
Who put us here? 

These are but a minuscule grain 
of questions either asked, 
insinuated or derived from the 
game The Talos Principle which 
was simultaneously released on 
December 2014 for Microsoft 
Windows, OS X & Linux. The Talos 
Principle is a first-person puzzle 
game developed by Croatia's 
Croteam and distributed by 
Devolver Digital. The game aims at 
making the player think not only 
through the puzzles it offers, but 
also through the story-line which is 
very philosophical in nature. When 
you first begin the game, in its 
default first-person view, it seems 
like you play the role of a human 
being awakened in an ancient 
Greek city-state, but, after solving 
a handful of puzzles, you begin to 
question your own existence as it is 
hinted that perhaps you're either a 
robot or a computer program 

which was created by ? Well, 

that's yet another question the 
game forces you to ask - who 


created you? 

The Talos Principle can be 
bought for around $40 by going to 
www.croteam.com/talosprinciple/, 
or from Steam. There's also a demo 
available with only four puzzles - 
that will leave you wanting more. 
By the time I found out that I could 
have installed the demo, I had 
already solved twice as many 
puzzles as the ones included in the 
demo. 

Originally conceived to be 
played on computers, The Talos 


Principle can best be played with a 
mouse/keyboard but there's also 
the option of using a game 
controller if you're so inclined. 
Movement is controlled via the 
standard WASD keys and to look 
around you use the mouse. The 
mouse's left-click/right-click 
buttons are used to interact with 
various objects throughout the 
game. If you like Portal or other 
similar puzzle games, then you'll 
feel right at home with The Talos 
Principle. Being a fan of the Portal 
games and having seen the overly 
positive response from critics and 


players around the world, I decided 
to buy The Talos Principle. It was 
money well spent. Since I bought 
the game, there has been one 
more DLC released, The Road to 
Gehenna, which includes more 
playable content and is selling for 
around $1 5 at the time of this 
writing. However, there are other 
DLC packages available which are 
smaller in both size and price. 

Playing The Talos Principle is 
pretty straightforward for anyone 
who's ever played a first-person 
shooter in the past. The main 
difference is that you're not 
shooting anything. At the 
beginning of the game, you walk 
around what seem to be ancient 
Greek ruins in search of tetromino 
(think Tetris) shaped "sigils" which 
you must collect. However, your 
quest becomes much more 
demanding because, in order for 
you to reach each one of these 
sigils, you have to avoid being 
spotted by sphere-shaped drones 
and wall-mounted turrets, both of 
which will fire at you if they 
happen to spot you. It's literally 
impossible to reach the sigils 
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without setting off either a 
spherical drone or a stationary 
turret; so, in order to advance, you 
have to find and pick up portable, 
yellow jammers which will jam the 
drones or turrets thus rendering 
them useless. These yellow 
jammers also work on some 
seemingly electric gates that, 
unless deactivated, will not let you 
through. The real challenge is 
using the jammers properly to 
reach each one of the sigils. Some 
levels, for example, will have one 
spherical drone, one turret and 
one electric gate, but only two 
jammers, so it's up to you to figure 
out how to make two jammers 
work against three devices when 
each jammer can work against only 
one device at a time. Eventually, 


there are other devices introduced, 
both as tools you get to use or 
obstacles you need to overcome. 

The color-coded sigils you 
collect are also part of a greater 
puzzle. For example, some doors 
can be opened only by solving a 
sigil puzzle. Also, there are 
elevators that cannot be accessed 
unless you solve these sigil 
puzzles. When you have collected 
all sigils of the same color for a 
particular puzzle, then, when you 
reach its pertaining door or 
elevator, you will be required to 
solve the puzzle in order to make 
the door or elevator functional. 

To solve these sigil puzzles you 
must arrange the tetrominos in 




and intended to make you 
question the reality of your 
surroundings. The graphics, though 
not extraordinary, were above 
average, and in fact every now and 
then had an uplifting ray of 
sunshine or a dark depressing 
storm which most certainly 
affected my mood. It almost feels 
like it would be a crime to not have 
The Talos Principle available for 
Linux since you're constantly 
interacting with computer 
terminals that not only look but 
also work very much like a common 
Linux terminal. These terminals 
serve to better develop the story 
as you progress through the levels. 
Although the interaction with 
these terminals can be completely 
ignored if all you want is to solve 


such a way as to form a square, 
rectangle or whatever shape is 
presented to you. After completing 
a fair number of puzzles, you begin 
to see that all along you've been 
playing in the first of four worlds. 
Your quest begins in world A, but 
when you unlock the first elevator 
you're able to reach worlds B, C 
and Elohim's Temple Tower, which 
is forbidden to you when you first 
discover it. 


The Talos Principle feels as if it 
were made to be played on 
Ubuntu. I encountered zero 
glitches on this game. There were 
some random graphics & sonic 
static stuttering that, at first, I 
thought were glitches but turned 
out to be hints relating to the story 


full circle magazine #101 58 


A 


contents 


UBUNTU GAMES 


the puzzles, it is through these 
terminals that the story is being 
told and it is through this story- 
telling that life's deepest 
questions remain with you even 
after you exit the game. The main 
story-line is of a deeply 
philosophical nature and this is 
enhanced by the meditative 
soundtrack which is ideal for 
problem solving and for pondering 
life's greatest mysteries. 

As much as I like playing first- 
person games, I cannot play them 
for an extensive amount of time 
because I, like many other people, 
suffer from the motion sickness 
associated with FPS games. The 
Talos Principle has a medically 
comforting solution for the motion 
sickness problem by switching the 
game from a first-person 
perspective to a third-person 
perspective. If you suffer from 
motion sickness with FPS games, 
or you just prefer to look at your 
robot while playing the game, all 
you have to do is go into "Options," 
then you'll find a section fittingly 
labeled "Motion Sickness Options" 
which can be automatically set to 
minimize motion sickness, or you 
can fine-tune it by adjusting the 
available parameters, one of which 
is setting it to either first-person 


perspective, looking over right 
shoulder, or looking over left 
shoulder. Other options that 
caught my attention were the 
ability to run a benchmark as well 
as the option of showing the 
frames-per-second on the top right 
corner of the screen. The 
commonly found options of 
"graphics, sound, mouse/keyboard, 
controller and language" are also 
available along with the DLC, 
Workshop and Reward options. All 
in all, the added extras take The 
Talos Principle from being a great 
game to an excellent game. 


underlying story-line, which ties 
the puzzles together while also 
giving them more meaning, will 
indubitably make the player 
ponder humanity's ancient 
philosophical questions as they 
intertwine with sci-fi's ethical & 
improbable controversies. If you 
want a second opinion you will 
discover that critics have given The 
Talos Principle high scores across 
the board. 



I strongly recommend The Talos 
Principle after playing it over the 
last couple of months. It is an 
entertaining game that will 
challenge you in ways you never 
expected. Solving each puzzle 
gives you a deep sense of 
accomplishment, and, instead of 
making you put it away for another 
day, a puzzle solved encourages 
the player to keep playing and 
solve yet another puzzle. It plays 
remarkably well on Ubuntu via 
mouse/keyboard, but may require 
a compatible game controller if 
that is your cup of tea. Puzzles can 
be solved in a matter of minutes, 
which keeps the game's progress 
moving at a fast pace. The 
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Minimum System 
Requirements: 

• OS: Linux Ubuntu 12.04. 

• Processor: Dual-core 2.2 GFIz. 

• Memory: 2 GB RAM. 

• Graphics: nVidia GeForce 
8600/9600GT 51 2MB VRAM, 
ATI/AMD Radeon. HD2600/3600 
512MB VRAM. 

• Hard Drive: 5 GB available space. 

• Sound Card: OpenAL Compatible 
Sound Card. 

• Additional Notes: OpenGL: 2.1 or 
higher. 
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Cha Cha Cha Changes 

Our admin went AWOL for months, and 
I had no idea if/when the site 
would/wouldn't get paid. Initially the 
plan was to move the site and domain 
name to my hosting, but eventually I 
managed to track him down and get 
the FCM domain name, and site hosting 
transferred to me. 

The new site is now up. HUGE thanks to 
Lucas Westermann (Mr. Command & 
Conquer) for taking on the job of 
completely rebuilding the site, and 
scripts, from scratch, in his own time. 

The Patreon page that I’ve set up is to 
help me pay the domain and hosting 
fees. The yearly target was quickly 
reached thanks to those listed on this 
page. FCM is not going away. Don't 
worry about that. 

Several people have asked for a PayPal 
(single donation) option, so I've added 
a button to the side of the site 

A big thank you to all those who've 
used Patreon and the PayPal button. 
It's a big help. 

https://www.patreon.com/ 
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Questions for Q&A should go to: questions@fullcirclemaqazine.org 

Desktop screens should be emailed to: isc@fullcirclemaqazine.org 
... or you can visit our site via: : ullcirclemaqazine.orq 



— 

Full Circle Team 

Editor - Ronnie Tucker 

ronnie@fullcirclemaqazine.org 

Webmaster - Lucas Westermann 

admin@fullcirclemaqazine.org 

Podcast - Les Pounder & Co. 

podcast@fullcirclemaqazine.org 

Editing & Proofreading 

Mike Kennedy, Gord Campbell, Robert 
Orsino, Josh Hertel, Bert Jerred, Jim 
Dyer and Emily Gonyer 

Our thanks go to Canonical, the many 
translation teams around the world 
and Thorsten Wilms for the FCM logo. 
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Getting Full Circle Magazine: 



EPUB Format - Recent editions of Full Circle have a link to the epub file on the downloads page. If you have any problems with 
the epub file, you can drop an email to: mobile@fullcirclemaqazine.org 



Issuu - You can read Full Circle online via Issuu: ittp://issuu.com/fullcirclemaqazine . Please share and rate FCM as it helps to 
spread the word about FCM and Ubuntu Linux. 


Google Play - You can now read Full Circle on Google Play/Books. Either search for 'full circle magazine' or 
click this link: https://plav.qooqle.com/store/books/author?id=Ronnie+Tucker 
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